Source/JavaScriptCore/ChangeLog (WebKit-https.git, at commit 65decb944d729112c8f88471e472cd9cf7360181)
2011-11-08  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
        https://bugs.webkit.org/show_bug.cgi?id=71761

        Templatized Parser based on Lexer<T>. Moved two enums,
        SourceElementsMode and FunctionRequirements out of Parser definition
        to work around a clang compiler defect.

        Cleaned up SourceCode data() to return StringImpl* and eliminated
        the recently added stringData() virtual method.

        To keep code in Parser.cpp and keep Parser.h small, the two flavors
        of Parser are explicitly instantiated at the end of Parser.cpp.

        Reviewed by Gavin Barraclough.

        * interpreter/Interpreter.cpp:
        (JSC::appendSourceToError):
        * parser/Lexer.cpp:
        (JSC::::setCode):
        (JSC::::sourceCode):
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::~Parser):
        (JSC::::parseInner):
        (JSC::::didFinishParsing):
        (JSC::::allowAutomaticSemicolon):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclaration):
        (JSC::::parseConstDeclaration):
        (JSC::::parseDoWhileStatement):
        (JSC::::parseWhileStatement):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseBreakStatement):
        (JSC::::parseContinueStatement):
        (JSC::::parseReturnStatement):
        (JSC::::parseThrowStatement):
        (JSC::::parseWithStatement):
        (JSC::::parseSwitchStatement):
        (JSC::::parseSwitchClauses):
        (JSC::::parseSwitchDefaultClause):
        (JSC::::parseTryStatement):
        (JSC::::parseDebuggerStatement):
        (JSC::::parseBlockStatement):
        (JSC::::parseStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseFunctionBody):
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseExpressionStatement):
        (JSC::::parseIfStatement):
        (JSC::::parseExpression):
        (JSC::::parseAssignmentExpression):
        (JSC::::parseConditionalExpression):
        (JSC::::isBinaryOperator):
        (JSC::::parseBinaryExpression):
        (JSC::::parseProperty):
        (JSC::::parseObjectLiteral):
        (JSC::::parseStrictObjectLiteral):
        (JSC::::parseArrayLiteral):
        (JSC::::parsePrimaryExpression):
        (JSC::::parseArguments):
        (JSC::::parseMemberExpression):
        (JSC::::parseUnaryExpression):
        * parser/Parser.h:
        (JSC::::parse):
        (JSC::parse):
        * parser/SourceCode.h:
        (JSC::SourceCode::data):
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.h:
        (JSC::UStringSourceProvider::data):

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        DFG JIT calculation of OSR entry points is not THUMB2 safe
        https://bugs.webkit.org/show_bug.cgi?id=71852

        Reviewed by Oliver Hunt.

        Executable addresses are tagged with a low bit set to distinguish
        between THUMB2 and traditional ARM.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * jit/JITCode.h:
        (JSC::JITCode::executableAddressAtOffset):
        (JSC::JITCode::start):
        (JSC::JITCode::size):

98
99 2011-11-08  Michael Saboff  <msaboff@apple.com>
100
101         JSC::Parser::Parser leaks Lexer member
102         https://bugs.webkit.org/show_bug.cgi?id=71847
103
104         Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.
105
106         Reviewed by Oliver Hunt.
107
108         * parser/Parser.cpp:
109         (JSC::Parser::Parser):
110         (JSC::Parser::parseFunctionBody):
111         * parser/Parser.h:
112
113 2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>
114
115         Enable DFG JIT by default on X86 Linux and Mac platforms
116         https://bugs.webkit.org/show_bug.cgi?id=71686
117
118         Reviewed by Filip Pizlo.
119
120         We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.
121
122         * wtf/Platform.h:
123
2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
        https://bugs.webkit.org/show_bug.cgi?id=71768

        Reviewed by Geoffrey Garen.

        Also includes a fix to make the newly introduced AssemblyHelpers
        a friend of JSValue, as we need the Tag definitions.

        * CMakeListsEfl.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * runtime/JSValue.h:

2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        Fix gcc 4.4 compilation warnings in DFG 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71762

        Reviewed by Filip Pizlo.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::registersMatched):

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        DFG code base should allow for classes not related to DFG::JITCompiler
        to use DFG idioms
        https://bugs.webkit.org/show_bug.cgi?id=71746

        Reviewed by Gavin Barraclough.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAssemblyHelpers.cpp: Added.
        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
        (JSC::DFG::AssemblyHelpers::emitCount):
        (JSC::DFG::AssemblyHelpers::setSamplingFlag):
        (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
        (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
        (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
        * dfg/DFGAssemblyHelpers.h: Added.
        * dfg/DFGJITCompiler.cpp:
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::graph):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGOSRExit.h: Added.
        (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
        (JSC::DFG::SpeculationRecovery::type):
        (JSC::DFG::SpeculationRecovery::dest):
        (JSC::DFG::SpeculationRecovery::src):
        (JSC::DFG::OSRExit::numberOfRecoveries):
        (JSC::DFG::OSRExit::valueRecovery):
        (JSC::DFG::OSRExit::isArgument):
        (JSC::DFG::OSRExit::isVariable):
        (JSC::DFG::OSRExit::argumentForIndex):
        (JSC::DFG::OSRExit::variableForIndex):
        (JSC::DFG::OSRExit::operandForArgument):
        (JSC::DFG::OSRExit::operandForIndex):
        * dfg/DFGSpeculativeJIT.h:

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
        but it appears to help on other benchmarks.

        Rubber stamped by Oliver Hunt.

        * bytecode/ValueProfile.h:

2011-11-07  Ariya Hidayat  <ariya@sencha.com>

        "use strict" cannot contain escape sequences or line continuation
        https://bugs.webkit.org/show_bug.cgi?id=71532

        Reviewed by Darin Adler.

        Store the actual literal length (before the escapes and line
        continuation are encoded) while parsing the directive and use it
        for the directive comparison.

        * parser/Parser.cpp:
        (JSC::Parser::parseSourceElements):
        (JSC::Parser::parseStatement):
        * parser/Parser.h:

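Added example (this editor's illustration, not WebKit's parser): a small C++ check for the ES5 Use Strict Directive that follows the approach the entry above describes, keeping the raw literal length alongside the decoded value. Escapes such as "use\x20strict" or a backslash-newline line continuation decode to the same value as "use strict" but change the raw length, so a value-only comparison wrongly enters (or, seen from the other side, a spoofed prologue can be made to enter) strict mode, which matters because strict mode is what forbids with, silent writes to undeclared globals and similar sloppy-mode behaviour. The function names, the subset of escapes handled and the ASCII-only source assumption are this example's own.

```cpp
#include <cstddef>
#include <string>

// Decodes a JavaScript string-literal token (quotes included) into its value and
// reports the raw length of the literal body as written in the source, before any
// escape is decoded. Handles the escapes that matter for directive detection:
// \xHH, \uHHHH, the single-character escapes and the backslash-newline line
// continuation. Returns false for a malformed literal. Source text is assumed to be
// ASCII; a real lexer would also decode non-ASCII source characters.
bool decodeStringLiteral(const std::string& token, std::u16string& value, size_t& rawLength)
{
    if (token.size() < 2)
        return false;
    char quote = token.front();
    if ((quote != '"' && quote != '\'') || token.back() != quote)
        return false;

    value.clear();
    rawLength = token.size() - 2;            // characters between the quotes, as written

    for (size_t i = 1; i + 1 < token.size(); ++i) {
        char c = token[i];
        if (c != '\\') {
            value.push_back(static_cast<char16_t>(static_cast<unsigned char>(c)));
            continue;
        }
        if (i + 2 >= token.size())
            return false;                    // backslash directly before the closing quote
        char e = token[++i];
        switch (e) {
        case 'n': value.push_back(u'\n'); break;
        case 't': value.push_back(u'\t'); break;
        case '\n': break;                    // line continuation: adds nothing to the value
        case 'x':
        case 'u': {
            size_t digits = (e == 'x') ? 2 : 4;
            if (i + digits + 1 >= token.size())
                return false;                // not enough room for the digits and the quote
            unsigned code = 0;
            for (size_t k = 0; k < digits; ++k) {
                char h = token[++i];
                unsigned v;
                if (h >= '0' && h <= '9') v = h - '0';
                else if (h >= 'a' && h <= 'f') v = h - 'a' + 10;
                else if (h >= 'A' && h <= 'F') v = h - 'A' + 10;
                else return false;
                code = code * 16 + v;
            }
            value.push_back(static_cast<char16_t>(code));
            break;
        }
        default:                             // \\, \", \' and non-escape characters: the character itself
            value.push_back(static_cast<char16_t>(static_cast<unsigned char>(e)));
            break;
        }
    }
    return true;
}

// Comparing only the decoded value is the check the bug was about: "use\x20strict"
// decodes to the same value as "use strict" and is wrongly accepted as a directive.
bool looksLikeUseStrictByValueOnly(const std::string& token)
{
    std::u16string value;
    size_t rawLength = 0;
    return decodeStringLiteral(token, value, rawLength) && value == u"use strict";
}

// ES5 14.1: a Use Strict Directive is a string literal whose source text is exactly
// "use strict" or 'use strict'. Checking the raw length alongside the decoded value
// rejects escapes and line continuations, because both change the raw length.
bool isUseStrictDirective(const std::string& token)
{
    std::u16string value;
    size_t rawLength = 0;
    if (!decodeStringLiteral(token, value, rawLength))
        return false;
    const std::u16string directive = u"use strict";
    return value == directive && rawLength == directive.size();
}

int main()
{
    // Constructed sample tokens: only the first is a real Use Strict Directive.
    bool ok = isUseStrictDirective("\"use strict\"")
        && !isUseStrictDirective("\"use\\x20strict\"")
        && looksLikeUseStrictByValueOnly("\"use\\x20strict\"");
    return ok ? 0 : 1;
}
```

The raw length is the cheapest discriminator because the directive is pure ASCII with no escapes: any escape or line continuation makes the source body longer than ten characters while leaving the decoded value identical, so the two checks together are equivalent to comparing the source text itself.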
2011-11-06  Filip Pizlo  <fpizlo@apple.com>

        DFG operationCreateThis slow path may get the wrong callee in case of inlining
        https://bugs.webkit.org/show_bug.cgi?id=71647

        Reviewed by Oliver Hunt.

        No new tests because I only saw this manifest itself when I had other bugs
        leading to spurious slow path executions.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::callOperation):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::putWithAttributes
        https://bugs.webkit.org/show_bug.cgi?id=71716

        Reviewed by Darin Adler.

        Added putWithAttributes to the MethodTable, changed all the virtual
        implementations of putWithAttributes to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::putWithAttributes):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/ClassInfo.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putWithAttributes):
        * runtime/JSActivation.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::putWithAttributes):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::putWithAttributes):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::putWithAttributes):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::putWithAttributes):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::putWithAttributes):
        * runtime/JSVariableObject.h:

2011-11-07  Dmitry Lomov  <dslomov@google.com>

        Unreviewed. Release build fix.

        * parser/Lexer.cpp:
        (JSC::assertCharIsIn8BitRange):

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        Switch the value profiler back to 8 buckets, because we suspect that while this
        is more expensive it's also more stable.

        Rubber stamped by Geoff Garen.

        * bytecode/ValueProfile.h:

2011-11-07  Andrew Wason  <rectalogic@rectalogic.com>

        Uninitialized Heap member var
        https://bugs.webkit.org/show_bug.cgi?id=71722

        Reviewed by Filip Pizlo.

        * heap/Heap.cpp:
        (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit

2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
        https://bugs.webkit.org/show_bug.cgi?id=71684

        Reviewed by Filip Pizlo.

        Currently in DFG JIT, we try to reuse the physical register of an
        operand for temporary usage if the current use of the operand is the
        last use. But sometimes this can be wrong, for example if there are
        possible speculation failures and we need to fall back to the baseline JIT,
        the value of the operand which is supposed to be held in the physical
        register can be modified by register reuse. This fixes the last
        inspector failures in layout tests on Mac 32-bit when switching on DFG.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-07  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r99436): Broke Snow Leopard debug build
        https://bugs.webkit.org/show_bug.cgi?id=71713

        Reviewed by Darin Adler.

        Put the assertion in a template and use template specialization
        to avoid warning when instantiated with UChar or LChar.

        In the long term, we should have traits for unsigned integral types
        and use that to specialize template instead of specializing it for UChar and LChar.

        * parser/Lexer.cpp:
        (JSC::assertCharIsIn8BitRange):
        (JSC::::append8):

2011-11-07  ChangSeok Oh  <shivamidow@gmail.com>

        [EFL] Support requestAnimationFrame API
        https://bugs.webkit.org/show_bug.cgi?id=67112

        Reviewed by Andreas Kling.

        Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.

        * wtf/Platform.h:

2011-11-07  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
        https://bugs.webkit.org/show_bug.cgi?id=71331

        Change the Lexer class to be a template class based on the character
        type of the source.  In the process updated the parseIdentifier()
        and parseString() methods to create 8 bit strings where possible.
        Also added some helper methods for accumulating temporary string
        data in the 8 and 16 bit vectors.

        Changed the SourceProvider::data() virtual method to return a
        StringImpl* instead of a UChar*.

        Updated the KeywordLookup generator to create code to match keywords
        for both 8 and 16 bit source strings.

        Due to a compiler bug (<rdar://problem/10194295>) moved enum
        definition outside of Lexer class declaration.  Remove second enum
        no longer needed.

        Reviewed by Darin Adler.

        * KeywordLookupGenerator.py:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        * parser/Lexer.cpp:
        (JSC::::Lexer):
        (JSC::::~Lexer):
        (JSC::::getInvalidCharMessage):
        (JSC::::currentCharacter):
        (JSC::::setCode):
        (JSC::::internalShift):
        (JSC::::shift):
        (JSC::::peek):
        (JSC::::getUnicodeCharacter):
        (JSC::::shiftLineTerminator):
        (JSC::::lastTokenWasRestrKeyword):
        (JSC::::record8):
        (JSC::::append8):
        (JSC::::append16):
        (JSC::::record16):
        (JSC::::parseIdentifier):
        (JSC::::parseIdentifierSlowCase):
        (JSC::::parseString):
        (JSC::::parseStringSlowCase):
        (JSC::::parseHex):
        (JSC::::parseOctal):
        (JSC::::parseDecimal):
        (JSC::::parseNumberAfterDecimalPoint):
        (JSC::::parseNumberAfterExponentIndicator):
        (JSC::::parseMultilineComment):
        (JSC::::nextTokenIsColon):
        (JSC::::lex):
        (JSC::::scanRegExp):
        (JSC::::skipRegExp):
        (JSC::::clear):
        (JSC::::sourceCode):
        * parser/Lexer.h:
        (JSC::Lexer::append16):
        (JSC::Lexer::currentOffset):
        (JSC::Lexer::setOffsetFromCharOffset):
        (JSC::::isWhiteSpace):
        (JSC::::isLineTerminator):
        (JSC::::convertHex):
        (JSC::::convertUnicode):
        (JSC::::makeIdentifier):
        (JSC::::setCodeStart):
        (JSC::::makeIdentifierLCharFromUChar):
        (JSC::::lexExpectIdentifier):
        * parser/Parser.cpp:
        (JSC::Parser::Parser):
        (JSC::Parser::parseProperty):
        (JSC::Parser::parseMemberExpression):
        * parser/Parser.h:
        (JSC::Parser::next):
        (JSC::Parser::nextExpectIdentifier):
        * parser/ParserArena.h:
        (JSC::IdentifierArena::makeIdentifier):
        (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
        * parser/SourceCode.h:
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.h:
        (JSC::UStringSourceProvider::stringData):
        * parser/SourceProviderCache.h:
        * parser/SyntaxChecker.h:
        * runtime/FunctionPrototype.cpp:
        (JSC::insertSemicolonIfNeeded):
        * runtime/Identifier.cpp:
        (JSC::IdentifierTable::add):
        (JSC::IdentifierLCharFromUCharTranslator::hash):
        (JSC::IdentifierLCharFromUCharTranslator::equal):
        (JSC::IdentifierLCharFromUCharTranslator::translate):
        (JSC::Identifier::add8):
        * runtime/Identifier.h:
        (JSC::Identifier::Identifier):
        (JSC::Identifier::createLCharFromUChar):
        (JSC::Identifier::canUseSingleCharacterString):
        (JSC::IdentifierCharBufferTranslator::hash):
        (JSC::IdentifierCharBufferTranslator::equal):
        (JSC::IdentifierCharBufferTranslator::translate):
        (JSC::Identifier::add):
        (JSC::Identifier::equal):
        (JSC::IdentifierTable::add):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::decode):
        (JSC::parseIntOverflow):
        (JSC::globalFuncUnescape):
        * runtime/JSGlobalObjectFunctions.h:
        (JSC::parseIntOverflow):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::tryJSONPParse):
        (JSC::LiteralParser::Lexer::lexString):
        * wtf/text/StringImpl.h:

2011-11-07  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree

        Allows us to not package up the whole Source/JavaScriptCore directory for the
        buildbots.

        Reviewed by Simon Hausmann.

        * jsc.pro:

2011-11-06  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
        to initializeMainThread, and crashes
        https://bugs.webkit.org/show_bug.cgi?id=71643

        Reviewed by Sam Weinig.

        * jsc.cpp:
        (main):

2011-11-06  Sam Weinig  <sam@webkit.org>

        Add space missing from some class declarations
        https://bugs.webkit.org/show_bug.cgi?id=71632

        Reviewed by Anders Carlsson.

        * assembler/AssemblerBufferWithConstantPool.h:
        * bytecode/CodeBlock.h:
        * dfg/DFGVariableAccessData.h:
        * heap/VTableSpectrum.h:
        * jit/ExecutableAllocator.cpp:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        * wtf/MetaAllocatorHandle.h:
        * wtf/UnionFind.h:

2011-11-06  Sam Weinig  <sam@webkit.org>

        Allow use of FINAL in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=71630

        Reviewed by Anders Carlsson.

        * Configurations/Base.xcconfig:
        Don't warn about C++11 extensions used in C++98 mode.

2011-11-05  Filip Pizlo  <fpizlo@apple.com>

        Value profiling should just use two buckets
        https://bugs.webkit.org/show_bug.cgi?id=71619

        Reviewed by Gavin Barraclough.

        Added one more configuration option (like Heuristics::minimumOptimizationDelay),
        improved debugging in JIT optimization support, changed the number of buckets
        in the value profile from 9 to 2, and wrote a more optimal value profiling path
        in the old JIT to take advantage of this. It's still possible to play around with
        larger numbers of buckets, and we should probably keep this for a little while
        until we convince ourselves that using just two buckets is the right call.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shouldOptimizeNow):
        * bytecode/ValueProfile.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitValueProfilingSite):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:

2011-11-03  Filip Pizlo  <fpizlo@apple.com>

        JSC should be able to sample itself in a more flexible way than just sampling flags
        https://bugs.webkit.org/show_bug.cgi?id=71522

        Reviewed by Gavin Barraclough.

        Added a construct that looks like SamplingRegion samplingRegion("name").

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingRegion::Locker::Locker):
        (JSC::SamplingRegion::Locker::~Locker):
        (JSC::SamplingRegion::sample):
        (JSC::SamplingRegion::dump):
        (JSC::SamplingRegion::dumpInternal):
        (JSC::SamplingThread::threadStartFunc):
        * bytecode/SamplingTool.h:
        (JSC::SamplingRegion::SamplingRegion):
        (JSC::SamplingRegion::~SamplingRegion):
        (JSC::SamplingRegion::exchangeCurrent):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):
        * heap/VTableSpectrum.cpp:
        (JSC::VTableSpectrum::countVPtr):
        (JSC::VTableSpectrum::dump):
        * heap/VTableSpectrum.h:
        * jsc.cpp:
        (main):
        (runWithScripts):
        * parser/Parser.h:
        (JSC::parse):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * wtf/Atomics.h:
        (WTF::weakCompareAndSwap):
        * wtf/Platform.h:
        * wtf/Spectrum.h: Added.
        (WTF::Spectrum::Spectrum):
        (WTF::Spectrum::add):
        (WTF::Spectrum::get):
        (WTF::Spectrum::begin):
        (WTF::Spectrum::end):
        (WTF::Spectrum::KeyAndCount::KeyAndCount):
        (WTF::Spectrum::KeyAndCount::operator<):
        (WTF::Spectrum::buildList):
        * wtf/wtf.pri:

2011-11-05  Sam Weinig  <sam@webkit.org>

        Fix windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-11-04  Sam Weinig  <sam@webkit.org>

        Reduce the number of putWithAttributes
        https://bugs.webkit.org/show_bug.cgi?id=71597

        Reviewed by Adam Roben.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        Remove exports of removed functions.

        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putWithAttributes):
        Calling the overload without the extra parameters does the same thing.

        * runtime/JSObject.cpp:
        (JSC::JSObject::putWithAttributes):
        * runtime/JSObject.h:
        Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
        two overloads not virtual, since no one overrides it.

2011-11-04  Pratik Solanki  <psolanki@apple.com>

        sqrtDouble and andnotDouble should be declared noreturn
        https://bugs.webkit.org/show_bug.cgi?id=71592

        Reviewed by Sam Weinig.

        * assembler/MacroAssemblerARMv7.h:

2011-11-04  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Reviewed by Darin Adler.

        Added hasInstance to the MethodTable, changed all the virtual
        implementations of hasInstance to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        * runtime/JSBoundFunction.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::hasInstance):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):
        * runtime/JSObject.h:

2011-11-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Refactor and clean up the qmake build system

        The qmake build system has accumulated a bit of cruft and redundancy
        over time. There's also a fairly tight coupling between how to build
        the various targets, and _what_ to build, making it harder to add new
        rules or sources. This patch aims to alleviate these issues somewhat.

        This is a short-list of the changes:

          * The rules for how to build targets are now mostly contained as
            prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
            allows us to do pre- and post-processing of each project file,
            which helps to clean up the actual project files.

          * Derived sources are no longer generated as a separate make-step
            but are part of each target's project file as a subdir. Makefile
            rules are used to ensure that we run make on the derived sources
            before running qmake on the actual target makefile. This makes
            it easier to keep a proper dependency between derived sources
            and the target.

          * We use GNU make and the compiler to generate dependencies on
            UNIX-based systems running Qt 5. This allows us to lessen the
            need to run qmake, which should reduce compile time.

          * WebKit2 is now built by default if building with Qt 5. It can
            be disabled by passing --no-webkit2 to build-webkit.

        The result of these changes is hopefully a cleaner and easier
        build system to modify, and faster build times due to no longer
        running qmake on every single build. It's also a first step
        towards possibly generating the list of sources using another
        build system.

        https://bugs.webkit.org/show_bug.cgi?id=71222

        Reviewed by Simon Hausmann.

        * DerivedSources.pri: Added.
        * DerivedSources.pro: Removed.
        * JavaScriptCore.pro:
        * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
        * headers.pri: Removed.
        * jsc.pro:
        * wtf/wtf.pri:
        * yarr/yarr.pri:

2011-11-04  Yuqiang Xian  <yuqiang.xian@intel.com>

        More code clean-up in DFG 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71540

        Remove unnecessary code duplications, and fix compilation warnings.

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::emitCount):
        (JSC::DFG::JITCompiler::setSamplingFlag):
        (JSC::DFG::JITCompiler::clearSamplingFlag):
        (JSC::DFG::JITCompiler::jitAssertIsCell):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-04  Csaba Osztrogonác  <ossy@webkit.org>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Unreviewed rolling out r99238, because it made a test crash on all platforms.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        * runtime/JSBoundFunction.h:
        * runtime/JSCell.cpp:
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):
        * runtime/JSObject.h:

2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::getPropertyNames
        https://bugs.webkit.org/show_bug.cgi?id=71306

        Reviewed by Darin Adler.

        Added getPropertyNames to the MethodTable, changed all the virtual
        implementations of getPropertyNames to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSObjectRef.cpp:
        (JSObjectCopyPropertyNames):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::getOwnPropertyNames):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getPropertyNames):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        (JSC::JSObject::getOwnPropertyNames):
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::create):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/Structure.cpp:
        (JSC::Structure::getPropertyNamesFromStructure):
        * runtime/Structure.h:

2011-11-03  Darin Adler  <darin@apple.com>

        Change remaining callers of releaseRef to call leakRef
        https://bugs.webkit.org/show_bug.cgi?id=71422

        * wtf/text/AtomicString.cpp:
        (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.

2011-11-02  Darin Adler  <darin@apple.com>

        Change remaining callers of releaseRef to call leakRef
        https://bugs.webkit.org/show_bug.cgi?id=71422

        * wtf/text/AtomicString.cpp:
        (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.

2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Reviewed by Darin Adler.

        Added hasInstance to the MethodTable, changed all the virtual
        implementations of hasInstance to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        * runtime/JSBoundFunction.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::hasInstance):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):
        * runtime/JSObject.h:

2011-11-03  Filip Pizlo  <fpizlo@apple.com>

        JIT-specific code should be able to refer to register types even on JIT-disabled builds
        https://bugs.webkit.org/show_bug.cgi?id=71498

        Reviewed by Gavin Barraclough.

        * assembler/MacroAssembler.h:
        (MacroAssembler::MacroAssembler):

2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::className
        https://bugs.webkit.org/show_bug.cgi?id=71428

        Reviewed by Sam Weinig.

        Added className to the MethodTable, changed all the virtual
        implementations of className to static ones, and replaced
857         all call sites with corresponding lookups in the MethodTable.
858
859         * API/JSCallbackObject.h:
860         * API/JSCallbackObjectFunctions.h:
861         (JSC::::className):
862         * JavaScriptCore.exp:
863         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
864         * debugger/DebuggerActivation.cpp:
865         (JSC::DebuggerActivation::className):
866         * debugger/DebuggerActivation.h:
867         * jsc.cpp:
868         (GlobalObject::createStructure):
869         * profiler/Profiler.cpp:
870         (JSC::Profiler::createCallIdentifier):
871         * runtime/ClassInfo.h:
872         * runtime/JSCell.cpp:
873         (JSC::JSCell::className):
874         * runtime/JSCell.h:
875         * runtime/JSObject.cpp:
876         (JSC::JSObject::className):
877         * runtime/JSObject.h:
878         * runtime/ObjectPrototype.cpp:
879         (JSC::objectProtoFuncToString):
880         * testRegExp.cpp:
881         (GlobalObject::createStructure):
882
883 2011-11-02  Jer Noble  <jer.noble@apple.com>
884
885         Add Clock class and platform-specific implementations.
886         https://bugs.webkit.org/show_bug.cgi?id=71341
887
888         Reviewed by Sam Weinig.
889
890         Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
891
892         * wtf/Platform.h:
893
894 2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
895
896         Not reviewed: fixing win build. step2.
897
898         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
899
900 2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
901
902         Not reviewed: fix windows build, step1
903
904         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
905
906 2011-11-03  Pavel Feldman  <pfeldman@google.com>
907
908         Web Inspector: preserve script location for inline handlers.
909         https://bugs.webkit.org/show_bug.cgi?id=71367
910
911         Makes SourceCode factories receive TextPosition instead of the line number;
912         Stores consistent position values in SourceCode and SourceProvider;
913
914         Reviewed by Yury Semikhatsky.
915
916         * API/JSBase.cpp:
917         (JSEvaluateScript):
918         (JSCheckScriptSyntax):
919         * API/JSObjectRef.cpp:
920         (JSObjectMakeFunction):
921         * parser/SourceCode.h:
922         (JSC::makeSource):
923         * parser/SourceProvider.h:
924         (JSC::SourceProvider::SourceProvider):
925         (JSC::SourceProvider::startPosition):
926         (JSC::UStringSourceProvider::create):
927         (JSC::UStringSourceProvider::UStringSourceProvider):
928         * runtime/FunctionConstructor.cpp:
929         (JSC::constructFunction):
930         (JSC::constructFunctionSkippingEvalEnabledCheck):
931         * runtime/FunctionConstructor.h:
932
933 2011-11-03  Kentaro Hara  <haraken@chromium.org>
934
935         Fixed wrong implementation of doubleValue % 2^{64}.
936         https://bugs.webkit.org/show_bug.cgi?id=67980
937
938         Reviewed by Hajime Morita.
939
940         fast/events/constructors/progress-event-constructor.html was failing
941         because of the wrong implementation of conversion from an ECMAScript value
942         to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
943         In particular, the calculation of doubleValue % 2^{64} was wrong.
944         This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
945
946         * wtf/MathExtras.h:
947         (doubleToInteger): Implemented the spec correctly.
948
949 2011-11-03  Sheriff Bot  <webkit.review.bot@gmail.com>
950
951         Unreviewed, rolling out r99089.
952         http://trac.webkit.org/changeset/99089
953         https://bugs.webkit.org/show_bug.cgi?id=71448
954
955         @plt postfix for math functions cause crash on Linux 32 (the
956         symbol is defined but it points to NULL) (Requested by
957         zherczeg on #webkit).
958
959         * dfg/DFGOperations.cpp:
960         * jit/JITStubs.cpp:
961         * jit/ThunkGenerators.cpp:
962
963 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
964
965         DFG inlining breaks function.arguments[something] if the argument being
966         retrieved was subjected to DFG's unboxing optimizations
967         https://bugs.webkit.org/show_bug.cgi?id=71436
968
969         Reviewed by Oliver Hunt.
970         
971         This makes inlined arguments retrieval use some of the same machinery as
972         OSR to determine where from, and how, to retrieve a value that the DFG
973         might have somehow squirreled away while the old JIT would put it in its
974         obvious location, using an obvious format.
975         
976         To that end, previously DFG-internal notions such as DataFormat,
977         VirtualRegister, and ValueRecovery are now in bytecode/ since they are
978         stored as part of InlineCallFrames.
979
980         * bytecode/CodeOrigin.h:
981         * dfg/DFGAbstractState.cpp:
982         (JSC::DFG::AbstractState::execute):
983         * dfg/DFGByteCodeParser.cpp:
984         (JSC::DFG::ByteCodeParser::handleInlining):
985         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
986         * dfg/DFGJITCompiler.cpp:
987         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
988         * dfg/DFGJITCompiler32_64.cpp:
989         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
990         * dfg/DFGNode.h:
991         * dfg/DFGPropagator.cpp:
992         (JSC::DFG::Propagator::propagateNodePredictions):
993         * dfg/DFGSpeculativeJIT.cpp:
994         (JSC::DFG::SpeculativeJIT::compile):
995         * dfg/DFGSpeculativeJIT64.cpp:
996         (JSC::DFG::SpeculativeJIT::compile):
997         * interpreter/CallFrame.cpp:
998         (JSC::CallFrame::trueCallerFrame):
999         * interpreter/CallFrame.h:
1000         (JSC::ExecState::inlineCallFrame):
1001         * interpreter/Register.h:
1002         (JSC::Register::asInlineCallFrame):
1003         (JSC::Register::unboxedInt32):
1004         (JSC::Register::unboxedBoolean):
1005         (JSC::Register::unboxedCell):
1006         * runtime/Arguments.h:
1007         (JSC::Arguments::finishCreationAndCopyRegisters):
1008
1009 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1010
1011         ValueRecovery should be moved out of the DFG JIT
1012         https://bugs.webkit.org/show_bug.cgi?id=71439
1013
1014         Reviewed by Oliver Hunt.
1015
1016         * JavaScriptCore.xcodeproj/project.pbxproj:
1017         * bytecode/DataFormat.h: Added.
1018         (JSC::dataFormatToString):
1019         (JSC::needDataFormatConversion):
1020         (JSC::isJSFormat):
1021         (JSC::isJSInteger):
1022         (JSC::isJSDouble):
1023         (JSC::isJSCell):
1024         (JSC::isJSBoolean):
1025         * bytecode/ValueRecovery.h: Added.
1026         (JSC::ValueRecovery::ValueRecovery):
1027         (JSC::ValueRecovery::alreadyInRegisterFile):
1028         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
1029         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
1030         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
1031         (JSC::ValueRecovery::inGPR):
1032         (JSC::ValueRecovery::inPair):
1033         (JSC::ValueRecovery::inFPR):
1034         (JSC::ValueRecovery::displacedInRegisterFile):
1035         (JSC::ValueRecovery::constant):
1036         (JSC::ValueRecovery::technique):
1037         (JSC::ValueRecovery::isInRegisters):
1038         (JSC::ValueRecovery::gpr):
1039         (JSC::ValueRecovery::tagGPR):
1040         (JSC::ValueRecovery::payloadGPR):
1041         (JSC::ValueRecovery::fpr):
1042         (JSC::ValueRecovery::virtualRegister):
1043         (JSC::ValueRecovery::dump):
1044         * bytecode/VirtualRegister.h: Added.
1045         * dfg/DFGGenerationInfo.h:
1046         (JSC::DFG::GenerationInfo::isJSFormat):
1047         * dfg/DFGSpeculativeJIT.cpp:
1048         (JSC::DFG::ValueSource::dump):
1049         * dfg/DFGSpeculativeJIT.h:
1050         * dfg/DFGVariableAccessData.h:
1051
1052 2011-11-02  Sam Weinig  <sam@webkit.org>
1053
1054         Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
1055         https://bugs.webkit.org/show_bug.cgi?id=71333
1056
1057         Reviewed by Gavin Barraclough.
1058
1059         Tested by fast/dom/getter-on-window-object2.html
1060
1061         * runtime/PropertyDescriptor.cpp:
1062         (JSC::PropertyDescriptor::setDescriptor):
1063         The attributes returned from Structure::get do not include Getter or Setter, so
1064         instead check if the value is a GetterSetter like we do elsewhere. If it is, update
1065         the descriptor's attributes accordingly.
1066
1067 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
1068
1069         FunctionPtr should accept FASTCALL functions on X86
1070         https://bugs.webkit.org/show_bug.cgi?id=71434
1071
1072         Reviewed by Filip Pizlo.
1073
1074         On X86 we sometimes use FASTCALL convention functions, for example the
1075         cti functions, and we may need the pointers to such functions, e.g.,
1076         in current DFG register file check and arity check, though long term
1077         we may avoid such usage of cti calls in DFG.
1078
1079         * assembler/MacroAssemblerCodeRef.h:
1080         (JSC::FunctionPtr::FunctionPtr):
1081
1082 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1083
1084         Inlined uses of the global object should use the right global object
1085         https://bugs.webkit.org/show_bug.cgi?id=71427
1086
1087         Reviewed by Oliver Hunt.
1088
1089         * dfg/DFGJITCompiler.h:
1090         (JSC::DFG::JITCompiler::globalObjectFor):
1091         * dfg/DFGSpeculativeJIT64.cpp:
1092         (JSC::DFG::SpeculativeJIT::compile):
1093
1094 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
1095
1096         Remove some unnecessary loads/stores in DFG JIT 32_64
1097         https://bugs.webkit.org/show_bug.cgi?id=71090
1098
1099         Reviewed by Filip Pizlo.
1100
1101         In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
1102         be eliminated.
1103
1104         * dfg/DFGJITCompiler32_64.cpp:
1105         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1106         * dfg/DFGSpeculativeJIT32_64.cpp:
1107         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1108
1109 2011-11-02  Adam Klein  <adamk@chromium.org>
1110
1111         Replace usage of StringImpl with String where possible in CharacterData and Text
1112         https://bugs.webkit.org/show_bug.cgi?id=71383
1113
1114         Reviewed by Darin Adler.
1115
1116         * wtf/text/WTFString.h:
1117         (WTF::String::containsOnlyWhitespace): Added new method.
1118
1119 2011-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>
1120
1121         De-virtualize JSObject::getOwnPropertyNames
1122         https://bugs.webkit.org/show_bug.cgi?id=71307
1123
1124         Reviewed by Darin Adler.
1125
1126         Added getOwnPropertyNames to the MethodTable, changed all the virtual 
1127         implementations of getOwnPropertyNames to static ones, and replaced 
1128         all call sites with corresponding lookups in the MethodTable.
1129
1130         * API/JSCallbackObject.h:
1131         * API/JSCallbackObjectFunctions.h:
1132         (JSC::::getOwnPropertyNames):
1133         * JavaScriptCore.exp:
1134         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1135         * debugger/DebuggerActivation.cpp:
1136         (JSC::DebuggerActivation::getOwnPropertyNames):
1137         * debugger/DebuggerActivation.h:
1138         * runtime/Arguments.cpp:
1139         (JSC::Arguments::getOwnPropertyNames):
1140         * runtime/Arguments.h:
1141         * runtime/ClassInfo.h:
1142         * runtime/JSActivation.cpp:
1143         (JSC::JSActivation::getOwnPropertyNames):
1144         * runtime/JSActivation.h:
1145         * runtime/JSArray.cpp:
1146         (JSC::JSArray::getOwnPropertyNames):
1147         * runtime/JSArray.h:
1148         * runtime/JSByteArray.cpp:
1149         (JSC::JSByteArray::getOwnPropertyNames):
1150         * runtime/JSByteArray.h:
1151         * runtime/JSCell.cpp:
1152         (JSC::JSCell::getOwnPropertyNames):
1153         * runtime/JSCell.h:
1154         * runtime/JSFunction.cpp:
1155         (JSC::JSFunction::getOwnPropertyNames):
1156         * runtime/JSFunction.h:
1157         * runtime/JSNotAnObject.cpp:
1158         (JSC::JSNotAnObject::getOwnPropertyNames):
1159         * runtime/JSNotAnObject.h:
1160         * runtime/JSONObject.cpp:
1161         (JSC::Stringifier::Holder::appendNextProperty):
1162         (JSC::Walker::walk):
1163         * runtime/JSObject.cpp:
1164         (JSC::JSObject::getPropertyNames):
1165         (JSC::JSObject::getOwnPropertyNames):
1166         * runtime/JSObject.h:
1167         * runtime/JSVariableObject.cpp:
1168         (JSC::JSVariableObject::~JSVariableObject):
1169         (JSC::JSVariableObject::getOwnPropertyNames):
1170         * runtime/JSVariableObject.h:
1171         * runtime/ObjectConstructor.cpp:
1172         (JSC::objectConstructorGetOwnPropertyNames):
1173         (JSC::objectConstructorKeys):
1174         (JSC::defineProperties):
1175         * runtime/RegExpMatchesArray.h:
1176         (JSC::RegExpMatchesArray::getOwnPropertyNames):
1177         * runtime/StringObject.cpp:
1178         (JSC::StringObject::getOwnPropertyNames):
1179         * runtime/StringObject.h:
1180         * runtime/Structure.h:
1181
1182 2011-11-02  Dean Jackson  <dino@apple.com>
1183
1184         Add ENABLE_CSS_SHADERS flag
1185         https://bugs.webkit.org/show_bug.cgi?id=71394
1186
1187         Reviewed by Sam Weinig.
1188
1189         * Configurations/FeatureDefines.xcconfig:
1190
1191 2011-11-02  Alexey Shabalin  <a.shabalin@gmail.com>
1192
1193         TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
1194         https://bugs.webkit.org/show_bug.cgi?id=70610
1195
1196         Reviewed by Martin Robinson.
1197
1198         Properly annotate ASM on BSD and Linux x86 systems.
1199
1200         * dfg/DFGOperations.cpp: Add annotation for X86.
1201         * jit/JITStubs.cpp: Ditto.
1202         * jit/ThunkGenerators.cpp: Ditto.
1203
1204 2011-11-02  Xianzhu Wang  <wangxianzhu@chromium.org>
1205
1206         Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
1207         https://bugs.webkit.org/show_bug.cgi?id=71347
1208
1209         Reviewed by Geoffrey Garen.
1210
1211         * wtf/text/StringImpl.cpp:
1212         (WTF::StringImpl::reallocate):
1213
1214 2011-11-01  Darin Adler  <darin@apple.com>
1215
1216         Cut down on malloc/free a bit in the parser arena
1217         https://bugs.webkit.org/show_bug.cgi?id=71343
1218
1219         Reviewed by Oliver Hunt.
1220
1221         * parser/ParserArena.cpp:
1222         (JSC::ParserArena::deallocateObjects): Call the destructors of
1223         the deletable objects before freeing the pools. Don't call
1224         fastFree on the deletable objects any more.
1225
1226         * parser/ParserArena.h:
1227         (JSC::ParserArena::allocateDeletable): Use allocateFreeable
1228         instead of fastMalloc here.
1229
1230 2011-11-01  Sam Weinig  <sam@webkit.org>
1231
1232         Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
1233         https://bugs.webkit.org/show_bug.cgi?id=71336
1234
1235         Reviewed by Darin Adler.
1236
1237         * debugger/DebuggerActivation.cpp:
1238         * debugger/DebuggerActivation.h:
1239         Remove overrides of lookupGetter/lookupSetter, which are no longer needed
1240         due to implementing getPropertyDescriptor.
1241
1242         * runtime/JSObject.cpp:
1243         (JSC::JSObject::lookupGetter):
1244         (JSC::JSObject::lookupSetter):
1245         * runtime/JSObject.h:
1246         De-virtualize lookupGetter/lookupSetter, and implement them in terms of
1247         getPropertyDescriptor.
1248
1249 2011-11-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1250
1251         De-virtualize JSObject::defineSetter
1252         https://bugs.webkit.org/show_bug.cgi?id=71303
1253
1254         Reviewed by Darin Adler.
1255
1256         Added defineSetter to the MethodTable, changed all the virtual 
1257         implementations of defineSetter to static ones, and replaced 
1258         all call sites with corresponding lookups in the MethodTable.
1259
1260         * JavaScriptCore.exp:
1261         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1262         * debugger/DebuggerActivation.cpp:
1263         (JSC::DebuggerActivation::defineSetter):
1264         * debugger/DebuggerActivation.h:
1265         * interpreter/Interpreter.cpp:
1266         (JSC::Interpreter::privateExecute):
1267         * jit/JITStubs.cpp:
1268         (JSC::DEFINE_STUB_FUNCTION):
1269         * runtime/ClassInfo.h:
1270         * runtime/JSCell.cpp:
1271         (JSC::JSCell::defineSetter):
1272         * runtime/JSCell.h:
1273         * runtime/JSGlobalObject.cpp:
1274         (JSC::JSGlobalObject::defineSetter):
1275         * runtime/JSGlobalObject.h:
1276         * runtime/JSObject.cpp:
1277         (JSC::JSObject::defineSetter):
1278         (JSC::putDescriptor):
1279         * runtime/JSObject.h:
1280         * runtime/ObjectPrototype.cpp:
1281         (JSC::objectProtoFuncDefineSetter):
1282
1283 2011-11-01  Filip Pizlo  <fpizlo@apple.com>
1284
1285         DFG inlining breaks function.arguments
1286         https://bugs.webkit.org/show_bug.cgi?id=71329
1287
1288         Reviewed by Oliver Hunt.
1289         
1290         The DFG was forgetting to store code origin mappings for inlined
1291         call sites. Some of the fast-path optimizations for
1292         CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
1293         was wrong.
1294         
1295         I also took the opportunity to decrease code duplication between
1296         DFG64 and DFG32_64, because I didn't feel like writing the same
1297         code twice.
1298
1299         * bytecode/CodeBlock.h:
1300         (JSC::ExecState::isInlineCallFrame):
1301         * dfg/DFGJITCompiler.cpp:
1302         (JSC::DFG::JITCompiler::compileEntry):
1303         (JSC::DFG::JITCompiler::compileBody):
1304         (JSC::DFG::JITCompiler::link):
1305         (JSC::DFG::JITCompiler::compile):
1306         (JSC::DFG::JITCompiler::compileFunction):
1307         * dfg/DFGJITCompiler32_64.cpp:
1308         * dfg/DFGNode.h:
1309         * interpreter/CallFrame.cpp:
1310         (JSC::CallFrame::trueCallerFrame):
1311         * interpreter/CallFrame.h:
1312         * runtime/Arguments.h:
1313         (JSC::Arguments::getArgumentsData):
1314
1315 2011-11-01  Xianzhu Wang  <wangxianzhu@chromium.org>
1316
1317         StringImpl::reallocate() should have an 8-bit version
1318         https://bugs.webkit.org/show_bug.cgi?id=71210
1319
1320         Reviewed by Geoffrey Garen.
1321
1322         * wtf/text/StringImpl.cpp:
1323         (WTF::StringImpl::reallocate):
1324         * wtf/text/StringImpl.h:
1325
1326 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1327
1328         The GC should be parallel
1329         https://bugs.webkit.org/show_bug.cgi?id=70995
1330
1331         Reviewed by Geoff Garen.
1332         
1333         Added parallel tracing to the GC. This works by having local mark
1334         stacks per thread, and a global shared one. Threads sometimes
1335         donate cells from the mark stack to the global one if the heuristics
1336         tell them that it's affordable to do so. Threads that have depleted
1337         their local mark stacks try to steal some from the shared one.
1338
1339         Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
1340         
1341         This is a 23% speed-up on V8-splay when I use 4 marking threads,
1342         leading to a 3.5% speed-up on V8.
1343         
1344         It also appears that this reduces GC pause times on real websites by
1345         more than half.
1346
1347         * JavaScriptCore.exp:
1348         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1349         * heap/Heap.cpp:
1350         (JSC::Heap::Heap):
1351         (JSC::Heap::~Heap):
1352         (JSC::Heap::markRoots):
1353         * heap/Heap.h:
1354         * heap/MarkStack.cpp:
1355         (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
1356         (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
1357         (JSC::MarkStackSegmentAllocator::allocate):
1358         (JSC::MarkStackSegmentAllocator::release):
1359         (JSC::MarkStackSegmentAllocator::shrinkReserve):
1360         (JSC::MarkStackArray::MarkStackArray):
1361         (JSC::MarkStackArray::~MarkStackArray):
1362         (JSC::MarkStackArray::expand):
1363         (JSC::MarkStackArray::refill):
1364         (JSC::MarkStackArray::donateSomeCellsTo):
1365         (JSC::MarkStackArray::stealSomeCellsFrom):
1366         (JSC::MarkStackThreadSharedData::markingThreadMain):
1367         (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
1368         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1369         (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
1370         (JSC::MarkStackThreadSharedData::reset):
1371         (JSC::MarkStack::reset):
1372         (JSC::SlotVisitor::donateSlow):
1373         (JSC::SlotVisitor::drain):
1374         (JSC::SlotVisitor::drainFromShared):
1375         (JSC::MarkStack::mergeOpaqueRoots):
1376         (JSC::SlotVisitor::harvestWeakReferences):
1377         * heap/MarkStack.h:
1378         (JSC::MarkStackSegment::data):
1379         (JSC::MarkStackSegment::capacityFromSize):
1380         (JSC::MarkStackSegment::sizeFromCapacity):
1381         (JSC::MarkStackArray::postIncTop):
1382         (JSC::MarkStackArray::preDecTop):
1383         (JSC::MarkStackArray::setTopForFullSegment):
1384         (JSC::MarkStackArray::setTopForEmptySegment):
1385         (JSC::MarkStackArray::top):
1386         (JSC::MarkStackArray::validatePrevious):
1387         (JSC::MarkStack::addWeakReferenceHarvester):
1388         (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
1389         (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
1390         (JSC::MarkStack::MarkStack):
1391         (JSC::MarkStack::addOpaqueRoot):
1392         (JSC::MarkStack::containsOpaqueRoot):
1393         (JSC::MarkStack::opaqueRootCount):
1394         (JSC::MarkStackArray::append):
1395         (JSC::MarkStackArray::canRemoveLast):
1396         (JSC::MarkStackArray::removeLast):
1397         (JSC::MarkStackArray::isEmpty):
1398         (JSC::MarkStackArray::canDonateSomeCells):
1399         (JSC::MarkStackArray::size):
1400         (JSC::ParallelModeEnabler::ParallelModeEnabler):
1401         (JSC::ParallelModeEnabler::~ParallelModeEnabler):
1402         * heap/MarkedBlock.h:
1403         (JSC::MarkedBlock::testAndSetMarked):
1404         * heap/SlotVisitor.h:
1405         (JSC::SlotVisitor::donate):
1406         (JSC::SlotVisitor::donateAndDrain):
1407         (JSC::SlotVisitor::donateKnownParallel):
1408         (JSC::SlotVisitor::SlotVisitor):
1409         * heap/WeakReferenceHarvester.h:
1410         * runtime/Heuristics.cpp:
1411         (JSC::Heuristics::initializeHeuristics):
1412         * runtime/Heuristics.h:
1413         * wtf/Atomics.h:
1414         (WTF::weakCompareAndSwap):
1415         * wtf/Bitmap.h:
1416         (WTF::::Bitmap):
1417         (WTF::::get):
1418         (WTF::::set):
1419         (WTF::::testAndSet):
1420         (WTF::::testAndClear):
1421         (WTF::::concurrentTestAndSet):
1422         (WTF::::concurrentTestAndClear):
1423         (WTF::::clear):
1424         (WTF::::clearAll):
1425         (WTF::::nextPossiblyUnset):
1426         (WTF::::findRunOfZeros):
1427         (WTF::::count):
1428         (WTF::::isEmpty):
1429         (WTF::::isFull):
1430         * wtf/MainThread.h:
1431         (WTF::isMainThreadOrGCThread):
1432         * wtf/Platform.h:
1433         * wtf/ThreadSpecific.h:
1434         (WTF::::isSet):
1435         * wtf/mac/MainThreadMac.mm:
1436         (WTF::initializeGCThreads):
1437         (WTF::initializeMainThreadPlatform):
1438         (WTF::initializeMainThreadToProcessMainThreadPlatform):
1439         (WTF::registerGCThread):
1440         (WTF::isMainThreadOrGCThread):
1441
1442 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1443
1444         De-virtualize JSObject::defaultValue
1445         https://bugs.webkit.org/show_bug.cgi?id=71146
1446
1447         Reviewed by Sam Weinig.
1448
1449         Added defaultValue to the MethodTable.  Replaced all virtual versions of 
1450         defaultValue with static versions.  Replaced all call sites with lookups in the 
1451         MethodTable.
1452
1453         * JavaScriptCore.exp:
1454         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1455         * runtime/ClassInfo.h:
1456         * runtime/ExceptionHelpers.cpp:
1457         (JSC::InterruptedExecutionError::defaultValue):
1458         (JSC::TerminatedExecutionError::defaultValue):
1459         * runtime/ExceptionHelpers.h:
1460         * runtime/JSCell.cpp:
1461         (JSC::JSCell::defaultValue):
1462         * runtime/JSCell.h:
1463         * runtime/JSNotAnObject.cpp:
1464         (JSC::JSNotAnObject::defaultValue):
1465         * runtime/JSNotAnObject.h:
1466         * runtime/JSObject.cpp:
1467         (JSC::JSObject::getPrimitiveNumber):
1468         (JSC::JSObject::defaultValue):
1469         * runtime/JSObject.h:
1470         (JSC::JSObject::toPrimitive):
1471
1472 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1473
1474         Interpreter build fix
1475
1476         Unreviewed build fix
1477
1478         * interpreter/Interpreter.cpp:
1479         (JSC::Interpreter::privateExecute):
1480         * runtime/Executable.cpp:
1481         (JSC::FunctionExecutable::compileForCallInternal):
1482         (JSC::FunctionExecutable::compileForConstructInternal):
1483
1484 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1485
1486         DFG OSR exits should add to value profiles
1487         https://bugs.webkit.org/show_bug.cgi?id=71202
1488
1489         Reviewed by Oliver Hunt.
1490         
1491         Value profiles now have an extra special slot not used by the old JIT's
1492         profiling, which is reserved for OSR exits.
1493         
1494         The DFG's OSR exit code now knows which register, node index, and value
1495         profiling site was responsible for the (possibly flawed) information that
1496         led to the OSR failure. This is somewhat opportunistic and imperfect;
1497         if there's a lot of control flow between the value profiling site and the
1498         OSR failure point, then this mechanism simply gives up. It also gives up
1499         if the OSR failure is caused by either known deficiencies in the DFG
1500         (like that we always assume that the index in a strict charCodeAt access
1501         is within bounds) or where the OSR failure would be catalogued and
1502         profiled through other means (like slow case counters).
1503         
1504         This patch also adds the notion of a JSValueRegs, which is either a
1505         single register in JSVALUE64 or a pair in JSVALUE32_64. We should
1506         probably move the 32_64 DFG towards using this, since it often makes it
1507         easier to share code between 64 and 32_64.
1508         
1509         Also fixed a number of pathologies that this uncovered. op_method_check 
1510         didn't have a value profiling site on the slow path. GetById should not
1511         always force OSR exit if it never executed in the old JIT; we may be
1512         able to infer its type if it's an array or string length get. Finally,
1513         these changes benefit from a slight tweak to optimization delay
1514         heuristics (profile fullness is now 0.35 instead of 0.25).
1515         
1516         3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
1517         and imaging-darkroom.
1518
1519         * bytecode/ValueProfile.cpp:
1520         (JSC::ValueProfile::computeStatistics):
1521         (JSC::ValueProfile::computeUpdatedPrediction):
1522         * bytecode/ValueProfile.h:
1523         (JSC::ValueProfile::ValueProfile):
1524         (JSC::ValueProfile::specFailBucket):
1525         (JSC::ValueProfile::numberOfSamples):
1526         (JSC::ValueProfile::isLive):
1527         (JSC::ValueProfile::numberOfInt32s):
1528         (JSC::ValueProfile::numberOfDoubles):
1529         (JSC::ValueProfile::numberOfCells):
1530         (JSC::ValueProfile::numberOfObjects):
1531         (JSC::ValueProfile::numberOfFinalObjects):
1532         (JSC::ValueProfile::numberOfStrings):
1533         (JSC::ValueProfile::numberOfArrays):
1534         (JSC::ValueProfile::numberOfBooleans):
1535         (JSC::ValueProfile::dump):
1536         * dfg/DFGAbstractState.cpp:
1537         (JSC::DFG::AbstractState::execute):
1538         * dfg/DFGByteCodeParser.cpp:
1539         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1540         (JSC::DFG::ByteCodeParser::getPrediction):
1541         (JSC::DFG::ByteCodeParser::parseBlock):
1542         * dfg/DFGGPRInfo.h:
1543         (JSC::DFG::JSValueRegs::JSValueRegs):
1544         (JSC::DFG::JSValueRegs::operator!):
1545         (JSC::DFG::JSValueRegs::gpr):
1546         (JSC::DFG::JSValueSource::JSValueSource):
1547         (JSC::DFG::JSValueSource::unboxedCell):
1548         (JSC::DFG::JSValueSource::operator!):
1549         (JSC::DFG::JSValueSource::isAddress):
1550         (JSC::DFG::JSValueSource::offset):
1551         (JSC::DFG::JSValueSource::base):
1552         (JSC::DFG::JSValueSource::gpr):
1553         (JSC::DFG::JSValueSource::asAddress):
1554         (JSC::DFG::JSValueSource::notAddress):
1555         (JSC::DFG::JSValueRegs::tagGPR):
1556         (JSC::DFG::JSValueRegs::payloadGPR):
1557         (JSC::DFG::JSValueSource::tagGPR):
1558         (JSC::DFG::JSValueSource::payloadGPR):
1559         (JSC::DFG::JSValueSource::hasKnownTag):
1560         (JSC::DFG::JSValueSource::tag):
1561         * dfg/DFGGenerationInfo.h:
1562         (JSC::DFG::GenerationInfo::jsValueRegs):
1563         * dfg/DFGGraph.h:
1564         (JSC::DFG::Graph::valueProfileFor):
1565         * dfg/DFGJITCodeGenerator.h:
1566         (JSC::JSValueOperand::jsValueRegs):
1567         * dfg/DFGJITCompiler.cpp:
1568         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1569         * dfg/DFGJITCompiler.h:
1570         (JSC::DFG::JITCompiler::valueProfileFor):
1571         * dfg/DFGJITCompiler32_64.cpp:
1572         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1573         * dfg/DFGPropagator.cpp:
1574         (JSC::DFG::Propagator::propagateNodePredictions):
1575         * dfg/DFGSpeculativeJIT.cpp:
1576         (JSC::DFG::OSRExit::OSRExit):
1577         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
1578         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1579         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
1580         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1581         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1582         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
1583         * dfg/DFGSpeculativeJIT.h:
1584         (JSC::DFG::SpeculativeJIT::speculationCheck):
1585         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1586         * dfg/DFGSpeculativeJIT32_64.cpp:
1587         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1588         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1589         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1590         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1591         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1592         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1593         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1594         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1595         (JSC::DFG::SpeculativeJIT::compile):
1596         * dfg/DFGSpeculativeJIT64.cpp:
1597         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1598         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1599         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1600         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1601         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1602         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1603         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1604         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1605         (JSC::DFG::SpeculativeJIT::emitBranch):
1606         (JSC::DFG::SpeculativeJIT::compile):
1607         * jit/JITPropertyAccess.cpp:
1608         (JSC::JIT::emitSlow_op_method_check):
1609         * jit/JITPropertyAccess32_64.cpp:
1610         (JSC::JIT::emitSlow_op_method_check):
1611         * runtime/Heuristics.cpp:
1612         (JSC::Heuristics::initializeHeuristics):
1613         * runtime/JSValue.h:
1614
1615 2011-10-31  Sam Weinig  <sam@webkit.org>
1616
1617         Remove need for virtual JSObject::unwrappedObject
1618         https://bugs.webkit.org/show_bug.cgi?id=71034
1619
1620         Reviewed by Geoffrey Garen.
1621
1622         * JavaScriptCore.exp:
1623         Update exports.
1624
1625         * CMakeLists.txt:
1626         * GNUmakefile.list.am:
1627         * JavaScriptCore.exp:
1628         * JavaScriptCore.gypi:
1629         * JavaScriptCore.pro:
1630         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1631         * JavaScriptCore.xcodeproj/project.pbxproj:
1632         Add JSGlobalThis.cpp.
1633
1634         * runtime/JSGlobalThis.cpp: Added.
1635         (JSC::JSGlobalThis::visitChildren):
1636         (JSC::JSGlobalThis::unwrappedObject):
1637         * runtime/JSGlobalThis.h:
1638         (JSC::JSGlobalThis::createStructure):
1639         Move underlying object from JSDOMWindowShell down to JSGlobalThis
1640         and corresponding visitChildren method.
1641
1642         * runtime/JSObject.cpp:
1643         (JSC::JSObject::unwrappedObject):
1644         Change unwrappedObject from virtual, to just needing an if check.
1645
1646         * runtime/JSObject.h:
1647         (JSC::JSObject::isGlobalThis):
1648         * runtime/JSType.h:
1649         Add isGlobalThis predicate and type.
1650
1651 2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>
1652
1653         WTF::StringImpl::create(const char*, unsigned) calls itself
1654         https://bugs.webkit.org/show_bug.cgi?id=71206
1655
1656         The original implementation just calls itself, causing infinite recursion.
1657         Cast the first parameter to const LChar* to fix that.
1658
1659         Reviewed by Ryosuke Niwa.
1660
1661         * wtf/text/StringImpl.h:
1662         (WTF::StringImpl::create):
1663
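The self-call fixed by this entry is an overload-resolution pitfall worth seeing in isolation. The block below is an added example, not WebKit's StringImpl: a minimal class with the same two create() overloads, where the const char* overload forwards through a reinterpret_cast. Without the cast, a call `create(characters, length)` inside the const char* overload is an exact match for itself (there is no implicit conversion from const char* to const unsigned char*), so it recurses until the stack is exhausted. The names StringImpl, LChar and storedLengthFromCString are illustrative stand-ins.

```cpp
// Added example, not WebKit code: the overload pitfall behind
// "StringImpl::create(const char*, unsigned) calls itself".
#include <cstring>
#include <memory>

typedef unsigned char LChar; // 8-bit (Latin-1) code unit, as WTF names it

class StringImpl {
public:
    // The worker overload: takes 8-bit code units and copies them.
    static std::shared_ptr<StringImpl> create(const LChar* characters, unsigned length)
    {
        return std::shared_ptr<StringImpl>(new StringImpl(characters, length));
    }

    // Convenience overload for C strings. Writing `return create(characters, length);`
    // here would re-select THIS overload: const char* is an exact match for itself and
    // does not convert implicitly to const unsigned char*, so the call never reaches
    // the worker and recurses until the stack overflows. The cast forces the LChar*
    // overload.
    static std::shared_ptr<StringImpl> create(const char* characters, unsigned length)
    {
        return create(reinterpret_cast<const LChar*>(characters), length);
    }

    unsigned length() const { return m_length; }
    const LChar* characters8() const { return m_data.get(); }

private:
    StringImpl(const LChar* characters, unsigned length)
        : m_length(length), m_data(new LChar[length])
    {
        memcpy(m_data.get(), characters, length);
    }

    unsigned m_length;
    std::unique_ptr<LChar[]> m_data;
};

// Goes through the const char* overload, which must forward to the LChar* one;
// returns the number of code units the object stored.
unsigned storedLengthFromCString(const char* s)
{
    return StringImpl::create(s, static_cast<unsigned>(strlen(s)))->length();
}
```

clang's -Winfinite-recursion diagnoses a function whose every path calls itself unconditionally, which is the cheapest check to keep enabled for a forwarding overload like this one.
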
1664 2011-10-31  Andy Wingo  <wingo@igalia.com>
1665
1666         Fix DFG JIT compilation on Linux targets.
1667         https://bugs.webkit.org/show_bug.cgi?id=70904
1668
1669         Reviewed by Darin Adler.
1670
1671         * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
1672         macro.
1673
1674         * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
1675         simplified definition from jit/JITStubs.cpp.
1676         (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
1677         Use the macro to access trampoline targets through the PLT on PIC
1678         systems, instead of introducing a text relocation.  Otherwise, the
1679         library fails to link.
1680
1681 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1682
1683         De-virtualize JSObject::defineGetter
1684         https://bugs.webkit.org/show_bug.cgi?id=71134
1685
1686         Reviewed by Darin Adler.
1687
1688         Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
1689         with static versions.  Replaced all call sites with lookups in the MethodTable.
1690
1691         * JavaScriptCore.exp:
1692         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1693         * debugger/DebuggerActivation.cpp:
1694         (JSC::DebuggerActivation::defineGetter):
1695         * debugger/DebuggerActivation.h:
1696         * interpreter/Interpreter.cpp:
1697         (JSC::Interpreter::privateExecute):
1698         * jit/JITStubs.cpp:
1699         (JSC::DEFINE_STUB_FUNCTION):
1700         * runtime/ClassInfo.h:
1701         * runtime/JSCell.cpp:
1702         (JSC::JSCell::defineGetter):
1703         * runtime/JSCell.h:
1704         * runtime/JSGlobalObject.cpp:
1705         (JSC::JSGlobalObject::defineGetter):
1706         * runtime/JSGlobalObject.h:
1707         * runtime/JSObject.cpp:
1708         (JSC::JSObject::defineGetter):
1709         (JSC::putDescriptor):
1710         * runtime/JSObject.h:
1711         * runtime/ObjectPrototype.cpp:
1712         (JSC::objectProtoFuncDefineGetter):
1713
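The MethodTable replacement for a virtual function, as an added example that is not JSC's ClassInfo or MethodTable; every name below (Cell, Object, GlobalObject, JSType values, defineGetterOn) is an illustrative stand-in. The same type-tag idea is what the isGlobalObject/isVariableObject/isActivationObject entry further down relies on: the predicate becomes a comparison against a type stored in the object instead of a virtual call.

```cpp
// Added example, not WebKit code: static method tables plus a type tag in place
// of virtual dispatch, the pattern the "De-virtualize" entries describe.
#include <map>
#include <string>

enum JSType { ObjectType, GlobalObjectType, ErrorInstanceType };

class Cell;

// One table per class, shared by all instances. Each slot is a plain static
// function that receives the object explicitly, so no vtable is needed.
struct MethodTable {
    bool (*defineGetter)(Cell* self, const std::string& property, int getterId);
    const char* (*className)();
};

struct ClassInfo {
    const ClassInfo* parent;
    MethodTable table;
};

// No virtual members: behaviour comes from the ClassInfo pointer, and the
// "is it an X?" predicates compare the stored type tag.
class Cell {
public:
    Cell(const ClassInfo* info, JSType type) : m_classInfo(info), m_type(type) {}
    const MethodTable* methodTable() const { return &m_classInfo->table; }
    const ClassInfo* classInfo() const { return m_classInfo; }
    bool isGlobalObject() const { return m_type == GlobalObjectType; }
    bool isErrorInstance() const { return m_type == ErrorInstanceType; }
private:
    const ClassInfo* m_classInfo;
    JSType m_type;
};

class Object : public Cell {
public:
    Object(const ClassInfo* info = &s_info, JSType type = ObjectType) : Cell(info, type) {}
    // Static replacement for a former virtual: the receiver is a parameter.
    static bool defineGetter(Cell* self, const std::string& property, int getterId)
    {
        static_cast<Object*>(self)->m_getters[property] = getterId;
        return true;
    }
    static const char* className() { return "Object"; }
    int getterFor(const std::string& property) const
    {
        auto it = m_getters.find(property);
        return it == m_getters.end() ? -1 : it->second;
    }
    static const ClassInfo s_info;
private:
    std::map<std::string, int> m_getters;
};
const ClassInfo Object::s_info = { nullptr, { &Object::defineGetter, &Object::className } };

class GlobalObject : public Object {
public:
    GlobalObject() : Object(&s_info, GlobalObjectType) {}
    // "Overriding" means installing a different function in this class's table.
    // Refusing a getter named "undefined" is an illustrative policy, not JSC's.
    static bool defineGetter(Cell* self, const std::string& property, int getterId)
    {
        if (property == "undefined")
            return false;
        return Object::defineGetter(self, property, getterId);
    }
    static const char* className() { return "GlobalObject"; }
    static const ClassInfo s_info;
};
const ClassInfo GlobalObject::s_info = { &Object::s_info, { &GlobalObject::defineGetter, &GlobalObject::className } };

// Call site: look the function up in the table instead of making a virtual call.
bool defineGetterOn(Cell* cell, const std::string& property, int getterId)
{
    return cell->methodTable()->defineGetter(cell, property, getterId);
}

// Walk the ClassInfo chain: the non-virtual way to ask "is this an Object or a subclass?".
bool inherits(const Cell* cell, const ClassInfo* info)
{
    for (const ClassInfo* ci = cell->classInfo(); ci; ci = ci->parent)
        if (ci == info) return true;
    return false;
}

// Small scenarios with checkable results.
int plainObjectGetter()
{
    Object o;
    defineGetterOn(&o, "x", 7);
    return o.getterFor("x");
}

bool globalObjectBehaviour()
{
    GlobalObject g;
    return g.isGlobalObject() && !g.isErrorInstance()
        && !defineGetterOn(&g, "undefined", 1)
        && defineGetterOn(&g, "y", 2) && g.getterFor("y") == 2
        && std::string(g.methodTable()->className()) == "GlobalObject"
        && inherits(&g, &Object::s_info);
}
```

A caveat when de-virtualizing this way: the static function receives an untyped receiver, so the static_cast in Object::defineGetter is sound only because the table is installed by the class whose instances it casts to. Keep each table a per-class constant, as here, rather than something an instance can be handed at runtime.
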
1714 2011-10-31  Michael Saboff  <msaboff@apple.com>
1715
1716         Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
1717         https://bugs.webkit.org/show_bug.cgi?id=71138
1718
1719         Restructure and movement of Lexer and Parser code.
1720         Moved Lexer and Parser objects out of JSGlobalData.
1721         Added a new ParserTokens class and instance to JSGlobalData that
1722         have JavaScript token related definitions.
1723         Replaced JSGlobalData arguments to Node classes with lineNumber,
1724         as that was the only use of the JSGlobalData.
1725         Combined JSParser and Parser classes into one class,
1726         eliminating JSParser.h and .cpp.
1727         Various supporting #include changes.
1728
1729         These mostly mechanical changes are done in preparation to
1730         making the Lexer and Parser template classes.
1731
1732         Reviewed by Darin Adler.
1733
1734         * CMakeLists.txt:
1735         * GNUmakefile.list.am:
1736         * JavaScriptCore.gypi:
1737         * JavaScriptCore.pro:
1738         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1739         * JavaScriptCore.xcodeproj/project.pbxproj:
1740         * bytecompiler/NodesCodegen.cpp:
1741         (JSC::ArrayNode::toArgumentList):
1742         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1743         * parser/ASTBuilder.h:
1744         (JSC::ASTBuilder::ASTBuilder):
1745         (JSC::ASTBuilder::createSourceElements):
1746         (JSC::ASTBuilder::createCommaExpr):
1747         (JSC::ASTBuilder::createLogicalNot):
1748         (JSC::ASTBuilder::createUnaryPlus):
1749         (JSC::ASTBuilder::createVoid):
1750         (JSC::ASTBuilder::thisExpr):
1751         (JSC::ASTBuilder::createResolve):
1752         (JSC::ASTBuilder::createObjectLiteral):
1753         (JSC::ASTBuilder::createArray):
1754         (JSC::ASTBuilder::createNumberExpr):
1755         (JSC::ASTBuilder::createString):
1756         (JSC::ASTBuilder::createBoolean):
1757         (JSC::ASTBuilder::createNull):
1758         (JSC::ASTBuilder::createBracketAccess):
1759         (JSC::ASTBuilder::createDotAccess):
1760         (JSC::ASTBuilder::createRegExp):
1761         (JSC::ASTBuilder::createNewExpr):
1762         (JSC::ASTBuilder::createConditionalExpr):
1763         (JSC::ASTBuilder::createAssignResolve):
1764         (JSC::ASTBuilder::createFunctionExpr):
1765         (JSC::ASTBuilder::createFunctionBody):
1766         (JSC::ASTBuilder::createGetterOrSetterProperty):
1767         (JSC::ASTBuilder::createArguments):
1768         (JSC::ASTBuilder::createArgumentsList):
1769         (JSC::ASTBuilder::createPropertyList):
1770         (JSC::ASTBuilder::createElementList):
1771         (JSC::ASTBuilder::createFormalParameterList):
1772         (JSC::ASTBuilder::createClause):
1773         (JSC::ASTBuilder::createClauseList):
1774         (JSC::ASTBuilder::createFuncDeclStatement):
1775         (JSC::ASTBuilder::createBlockStatement):
1776         (JSC::ASTBuilder::createExprStatement):
1777         (JSC::ASTBuilder::createIfStatement):
1778         (JSC::ASTBuilder::createForLoop):
1779         (JSC::ASTBuilder::createForInLoop):
1780         (JSC::ASTBuilder::createEmptyStatement):
1781         (JSC::ASTBuilder::createVarStatement):
1782         (JSC::ASTBuilder::createReturnStatement):
1783         (JSC::ASTBuilder::createBreakStatement):
1784         (JSC::ASTBuilder::createContinueStatement):
1785         (JSC::ASTBuilder::createTryStatement):
1786         (JSC::ASTBuilder::createSwitchStatement):
1787         (JSC::ASTBuilder::createWhileStatement):
1788         (JSC::ASTBuilder::createDoWhileStatement):
1789         (JSC::ASTBuilder::createLabelStatement):
1790         (JSC::ASTBuilder::createWithStatement):
1791         (JSC::ASTBuilder::createThrowStatement):
1792         (JSC::ASTBuilder::createDebugger):
1793         (JSC::ASTBuilder::createConstStatement):
1794         (JSC::ASTBuilder::appendConstDecl):
1795         (JSC::ASTBuilder::combineCommaNodes):
1796         (JSC::ASTBuilder::appendBinaryOperation):
1797         (JSC::ASTBuilder::createAssignment):
1798         (JSC::ASTBuilder::createNumber):
1799         (JSC::ASTBuilder::makeTypeOfNode):
1800         (JSC::ASTBuilder::makeDeleteNode):
1801         (JSC::ASTBuilder::makeNegateNode):
1802         (JSC::ASTBuilder::makeBitwiseNotNode):
1803         (JSC::ASTBuilder::makeMultNode):
1804         (JSC::ASTBuilder::makeDivNode):
1805         (JSC::ASTBuilder::makeModNode):
1806         (JSC::ASTBuilder::makeAddNode):
1807         (JSC::ASTBuilder::makeSubNode):
1808         (JSC::ASTBuilder::makeLeftShiftNode):
1809         (JSC::ASTBuilder::makeRightShiftNode):
1810         (JSC::ASTBuilder::makeURightShiftNode):
1811         (JSC::ASTBuilder::makeBitOrNode):
1812         (JSC::ASTBuilder::makeBitAndNode):
1813         (JSC::ASTBuilder::makeBitXOrNode):
1814         (JSC::ASTBuilder::makeFunctionCallNode):
1815         (JSC::ASTBuilder::makeBinaryNode):
1816         (JSC::ASTBuilder::makeAssignNode):
1817         (JSC::ASTBuilder::makePrefixNode):
1818         (JSC::ASTBuilder::makePostfixNode):
1819         * parser/JSParser.cpp: Removed.
1820         * parser/JSParser.h: Removed.
1821         * parser/Lexer.cpp:
1822         (JSC::Keywords::Keywords):
1823         (JSC::Lexer::Lexer):
1824         (JSC::Lexer::~Lexer):
1825         (JSC::Lexer::setCode):
1826         (JSC::Lexer::parseIdentifier):
1827         * parser/Lexer.h:
1828         (JSC::Keywords::isKeyword):
1829         (JSC::Keywords::getKeyword):
1830         (JSC::Keywords::~Keywords):
1831         (JSC::Lexer::setIsReparsing):
1832         (JSC::Lexer::isReparsing):
1833         (JSC::Lexer::lineNumber):
1834         (JSC::Lexer::setLastLineNumber):
1835         (JSC::Lexer::lastLineNumber):
1836         (JSC::Lexer::prevTerminator):
1837         (JSC::Lexer::sawError):
1838         (JSC::Lexer::getErrorMessage):
1839         (JSC::Lexer::currentOffset):
1840         (JSC::Lexer::setOffset):
1841         (JSC::Lexer::setLineNumber):
1842         (JSC::Lexer::sourceProvider):
1843         (JSC::Lexer::isWhiteSpace):
1844         (JSC::Lexer::isLineTerminator):
1845         (JSC::Lexer::convertHex):
1846         (JSC::Lexer::convertUnicode):
1847         (JSC::Lexer::makeIdentifier):
1848         (JSC::Lexer::lexExpectIdentifier):
1849         * parser/NodeConstructors.h:
1850         (JSC::ParserArenaFreeable::operator new):
1851         (JSC::ParserArenaDeletable::operator new):
1852         (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
1853         (JSC::Node::Node):
1854         (JSC::ExpressionNode::ExpressionNode):
1855         (JSC::StatementNode::StatementNode):
1856         (JSC::NullNode::NullNode):
1857         (JSC::BooleanNode::BooleanNode):
1858         (JSC::NumberNode::NumberNode):
1859         (JSC::StringNode::StringNode):
1860         (JSC::RegExpNode::RegExpNode):
1861         (JSC::ThisNode::ThisNode):
1862         (JSC::ResolveNode::ResolveNode):
1863         (JSC::ElementNode::ElementNode):
1864         (JSC::ArrayNode::ArrayNode):
1865         (JSC::PropertyNode::PropertyNode):
1866         (JSC::PropertyListNode::PropertyListNode):
1867         (JSC::ObjectLiteralNode::ObjectLiteralNode):
1868         (JSC::BracketAccessorNode::BracketAccessorNode):
1869         (JSC::DotAccessorNode::DotAccessorNode):
1870         (JSC::ArgumentListNode::ArgumentListNode):
1871         (JSC::ArgumentsNode::ArgumentsNode):
1872         (JSC::NewExprNode::NewExprNode):
1873         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
1874         (JSC::FunctionCallValueNode::FunctionCallValueNode):
1875         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
1876         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
1877         (JSC::FunctionCallDotNode::FunctionCallDotNode):
1878         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
1879         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
1880         (JSC::PrePostResolveNode::PrePostResolveNode):
1881         (JSC::PostfixResolveNode::PostfixResolveNode):
1882         (JSC::PostfixBracketNode::PostfixBracketNode):
1883         (JSC::PostfixDotNode::PostfixDotNode):
1884         (JSC::PostfixErrorNode::PostfixErrorNode):
1885         (JSC::DeleteResolveNode::DeleteResolveNode):
1886         (JSC::DeleteBracketNode::DeleteBracketNode):
1887         (JSC::DeleteDotNode::DeleteDotNode):
1888         (JSC::DeleteValueNode::DeleteValueNode):
1889         (JSC::VoidNode::VoidNode):
1890         (JSC::TypeOfResolveNode::TypeOfResolveNode):
1891         (JSC::TypeOfValueNode::TypeOfValueNode):
1892         (JSC::PrefixResolveNode::PrefixResolveNode):
1893         (JSC::PrefixBracketNode::PrefixBracketNode):
1894         (JSC::PrefixDotNode::PrefixDotNode):
1895         (JSC::PrefixErrorNode::PrefixErrorNode):
1896         (JSC::UnaryOpNode::UnaryOpNode):
1897         (JSC::UnaryPlusNode::UnaryPlusNode):
1898         (JSC::NegateNode::NegateNode):
1899         (JSC::BitwiseNotNode::BitwiseNotNode):
1900         (JSC::LogicalNotNode::LogicalNotNode):
1901         (JSC::BinaryOpNode::BinaryOpNode):
1902         (JSC::MultNode::MultNode):
1903         (JSC::DivNode::DivNode):
1904         (JSC::ModNode::ModNode):
1905         (JSC::AddNode::AddNode):
1906         (JSC::SubNode::SubNode):
1907         (JSC::LeftShiftNode::LeftShiftNode):
1908         (JSC::RightShiftNode::RightShiftNode):
1909         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
1910         (JSC::LessNode::LessNode):
1911         (JSC::GreaterNode::GreaterNode):
1912         (JSC::LessEqNode::LessEqNode):
1913         (JSC::GreaterEqNode::GreaterEqNode):
1914         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
1915         (JSC::InstanceOfNode::InstanceOfNode):
1916         (JSC::InNode::InNode):
1917         (JSC::EqualNode::EqualNode):
1918         (JSC::NotEqualNode::NotEqualNode):
1919         (JSC::StrictEqualNode::StrictEqualNode):
1920         (JSC::NotStrictEqualNode::NotStrictEqualNode):
1921         (JSC::BitAndNode::BitAndNode):
1922         (JSC::BitOrNode::BitOrNode):
1923         (JSC::BitXOrNode::BitXOrNode):
1924         (JSC::LogicalOpNode::LogicalOpNode):
1925         (JSC::ConditionalNode::ConditionalNode):
1926         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
1927         (JSC::AssignResolveNode::AssignResolveNode):
1928         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
1929         (JSC::AssignBracketNode::AssignBracketNode):
1930         (JSC::AssignDotNode::AssignDotNode):
1931         (JSC::ReadModifyDotNode::ReadModifyDotNode):
1932         (JSC::AssignErrorNode::AssignErrorNode):
1933         (JSC::CommaNode::CommaNode):
1934         (JSC::ConstStatementNode::ConstStatementNode):
1935         (JSC::SourceElements::SourceElements):
1936         (JSC::EmptyStatementNode::EmptyStatementNode):
1937         (JSC::DebuggerStatementNode::DebuggerStatementNode):
1938         (JSC::ExprStatementNode::ExprStatementNode):
1939         (JSC::VarStatementNode::VarStatementNode):
1940         (JSC::IfNode::IfNode):
1941         (JSC::IfElseNode::IfElseNode):
1942         (JSC::DoWhileNode::DoWhileNode):
1943         (JSC::WhileNode::WhileNode):
1944         (JSC::ForNode::ForNode):
1945         (JSC::ContinueNode::ContinueNode):
1946         (JSC::BreakNode::BreakNode):
1947         (JSC::ReturnNode::ReturnNode):
1948         (JSC::WithNode::WithNode):
1949         (JSC::LabelNode::LabelNode):
1950         (JSC::ThrowNode::ThrowNode):
1951         (JSC::TryNode::TryNode):
1952         (JSC::ParameterNode::ParameterNode):
1953         (JSC::FuncExprNode::FuncExprNode):
1954         (JSC::FuncDeclNode::FuncDeclNode):
1955         (JSC::CaseClauseNode::CaseClauseNode):
1956         (JSC::ClauseListNode::ClauseListNode):
1957         (JSC::CaseBlockNode::CaseBlockNode):
1958         (JSC::SwitchNode::SwitchNode):
1959         (JSC::ConstDeclNode::ConstDeclNode):
1960         (JSC::BlockNode::BlockNode):
1961         (JSC::ForInNode::ForInNode):
1962         * parser/NodeInfo.h:
1963         * parser/Nodes.cpp:
1964         (JSC::StatementNode::setLoc):
1965         (JSC::ScopeNode::ScopeNode):
1966         (JSC::ProgramNode::ProgramNode):
1967         (JSC::ProgramNode::create):
1968         (JSC::EvalNode::EvalNode):
1969         (JSC::EvalNode::create):
1970         (JSC::FunctionBodyNode::FunctionBodyNode):
1971         (JSC::FunctionBodyNode::create):
1972         * parser/Nodes.h:
1973         (JSC::Node::lineNo):
1974         * parser/Parser.cpp:
1975         (JSC::Parser::Parser):
1976         (JSC::Parser::~Parser):
1977         (JSC::Parser::parseInner):
1978         (JSC::Parser::allowAutomaticSemicolon):
1979         (JSC::Parser::parseSourceElements):
1980         (JSC::Parser::parseVarDeclaration):
1981         (JSC::Parser::parseConstDeclaration):
1982         (JSC::Parser::parseDoWhileStatement):
1983         (JSC::Parser::parseWhileStatement):
1984         (JSC::Parser::parseVarDeclarationList):
1985         (JSC::Parser::parseConstDeclarationList):
1986         (JSC::Parser::parseForStatement):
1987         (JSC::Parser::parseBreakStatement):
1988         (JSC::Parser::parseContinueStatement):
1989         (JSC::Parser::parseReturnStatement):
1990         (JSC::Parser::parseThrowStatement):
1991         (JSC::Parser::parseWithStatement):
1992         (JSC::Parser::parseSwitchStatement):
1993         (JSC::Parser::parseSwitchClauses):
1994         (JSC::Parser::parseSwitchDefaultClause):
1995         (JSC::Parser::parseTryStatement):
1996         (JSC::Parser::parseDebuggerStatement):
1997         (JSC::Parser::parseBlockStatement):
1998         (JSC::Parser::parseStatement):
1999         (JSC::Parser::parseFormalParameters):
2000         (JSC::Parser::parseFunctionBody):
2001         (JSC::Parser::parseFunctionInfo):
2002         (JSC::Parser::parseFunctionDeclaration):
2003         (JSC::LabelInfo::LabelInfo):
2004         (JSC::Parser::parseExpressionOrLabelStatement):
2005         (JSC::Parser::parseExpressionStatement):
2006         (JSC::Parser::parseIfStatement):
2007         (JSC::Parser::parseExpression):
2008         (JSC::Parser::parseAssignmentExpression):
2009         (JSC::Parser::parseConditionalExpression):
2010         (JSC::isUnaryOp):
2011         (JSC::Parser::isBinaryOperator):
2012         (JSC::Parser::parseBinaryExpression):
2013         (JSC::Parser::parseProperty):
2014         (JSC::Parser::parseObjectLiteral):
2015         (JSC::Parser::parseStrictObjectLiteral):
2016         (JSC::Parser::parseArrayLiteral):
2017         (JSC::Parser::parsePrimaryExpression):
2018         (JSC::Parser::parseArguments):
2019         (JSC::Parser::parseMemberExpression):
2020         (JSC::Parser::parseUnaryExpression):
2021         * parser/Parser.h:
2022         (JSC::isEvalNode):
2023         (JSC::EvalNode):
2024         (JSC::DepthManager::DepthManager):
2025         (JSC::DepthManager::~DepthManager):
2026         (JSC::ScopeLabelInfo::ScopeLabelInfo):
2027         (JSC::Scope::Scope):
2028         (JSC::Scope::startSwitch):
2029         (JSC::Scope::endSwitch):
2030         (JSC::Scope::startLoop):
2031         (JSC::Scope::endLoop):
2032         (JSC::Scope::inLoop):
2033         (JSC::Scope::breakIsValid):
2034         (JSC::Scope::continueIsValid):
2035         (JSC::Scope::pushLabel):
2036         (JSC::Scope::popLabel):
2037         (JSC::Scope::getLabel):
2038         (JSC::Scope::setIsFunction):
2039         (JSC::Scope::isFunction):
2040         (JSC::Scope::isFunctionBoundary):
2041         (JSC::Scope::declareVariable):
2042         (JSC::Scope::declareWrite):
2043         (JSC::Scope::preventNewDecls):
2044         (JSC::Scope::allowsNewDecls):
2045         (JSC::Scope::declareParameter):
2046         (JSC::Scope::useVariable):
2047         (JSC::Scope::setNeedsFullActivation):
2048         (JSC::Scope::collectFreeVariables):
2049         (JSC::Scope::getUncapturedWrittenVariables):
2050         (JSC::Scope::getCapturedVariables):
2051         (JSC::Scope::setStrictMode):
2052         (JSC::Scope::strictMode):
2053         (JSC::Scope::isValidStrictMode):
2054         (JSC::Scope::shadowsArguments):
2055         (JSC::Scope::copyCapturedVariablesToVector):
2056         (JSC::Scope::saveFunctionInfo):
2057         (JSC::Scope::restoreFunctionInfo):
2058         (JSC::ScopeRef::ScopeRef):
2059         (JSC::ScopeRef::operator->):
2060         (JSC::ScopeRef::index):
2061         (JSC::ScopeRef::hasContainingScope):
2062         (JSC::ScopeRef::containingScope):
2063         (JSC::Parser::AllowInOverride::AllowInOverride):
2064         (JSC::Parser::AllowInOverride::~AllowInOverride):
2065         (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
2066         (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
2067         (JSC::Parser::AutoPopScopeRef::setPopped):
2068         (JSC::Parser::currentScope):
2069         (JSC::Parser::pushScope):
2070         (JSC::Parser::popScopeInternal):
2071         (JSC::Parser::popScope):
2072         (JSC::Parser::declareVariable):
2073         (JSC::Parser::declareWrite):
2074         (JSC::Parser::findCachedFunctionInfo):
2075         (JSC::Parser::isFunctionBodyNode):
2076         (JSC::Parser::next):
2077         (JSC::Parser::nextExpectIdentifier):
2078         (JSC::Parser::nextTokenIsColon):
2079         (JSC::Parser::consume):
2080         (JSC::Parser::getToken):
2081         (JSC::Parser::match):
2082         (JSC::Parser::tokenStart):
2083         (JSC::Parser::tokenLine):
2084         (JSC::Parser::tokenEnd):
2085         (JSC::Parser::getTokenName):
2086         (JSC::Parser::updateErrorMessageSpecialCase):
2087         (JSC::Parser::updateErrorMessage):
2088         (JSC::Parser::updateErrorWithNameAndMessage):
2089         (JSC::Parser::startLoop):
2090         (JSC::Parser::endLoop):
2091         (JSC::Parser::startSwitch):
2092         (JSC::Parser::endSwitch):
2093         (JSC::Parser::setStrictMode):
2094         (JSC::Parser::strictMode):
2095         (JSC::Parser::isValidStrictMode):
2096         (JSC::Parser::declareParameter):
2097         (JSC::Parser::breakIsValid):
2098         (JSC::Parser::continueIsValid):
2099         (JSC::Parser::pushLabel):
2100         (JSC::Parser::popLabel):
2101         (JSC::Parser::getLabel):
2102         (JSC::Parser::autoSemiColon):
2103         (JSC::Parser::canRecurse):
2104         (JSC::Parser::lastTokenEnd):
2105         (JSC::Parser::DepthManager::DepthManager):
2106         (JSC::Parser::DepthManager::~DepthManager):
2107         (JSC::Parser::parse):
2108         (JSC::parse):
2109         * parser/ParserTokens.h: Added.
2110         (JSC::JSTokenInfo::JSTokenInfo):
2111         * parser/SourceCode.h:
2112         (JSC::SourceCode::subExpression):
2113         * parser/SourceProviderCacheItem.h:
2114         * parser/SyntaxChecker.h:
2115         (JSC::SyntaxChecker::SyntaxChecker):
2116         (JSC::SyntaxChecker::makeFunctionCallNode):
2117         (JSC::SyntaxChecker::createCommaExpr):
2118         (JSC::SyntaxChecker::makeAssignNode):
2119         (JSC::SyntaxChecker::makePrefixNode):
2120         (JSC::SyntaxChecker::makePostfixNode):
2121         (JSC::SyntaxChecker::makeTypeOfNode):
2122         (JSC::SyntaxChecker::makeDeleteNode):
2123         (JSC::SyntaxChecker::makeNegateNode):
2124         (JSC::SyntaxChecker::makeBitwiseNotNode):
2125         (JSC::SyntaxChecker::createLogicalNot):
2126         (JSC::SyntaxChecker::createUnaryPlus):
2127         (JSC::SyntaxChecker::createVoid):
2128         (JSC::SyntaxChecker::thisExpr):
2129         (JSC::SyntaxChecker::createResolve):
2130         (JSC::SyntaxChecker::createObjectLiteral):
2131         (JSC::SyntaxChecker::createArray):
2132         (JSC::SyntaxChecker::createNumberExpr):
2133         (JSC::SyntaxChecker::createString):
2134         (JSC::SyntaxChecker::createBoolean):
2135         (JSC::SyntaxChecker::createNull):
2136         (JSC::SyntaxChecker::createBracketAccess):
2137         (JSC::SyntaxChecker::createDotAccess):
2138         (JSC::SyntaxChecker::createRegExp):
2139         (JSC::SyntaxChecker::createNewExpr):
2140         (JSC::SyntaxChecker::createConditionalExpr):
2141         (JSC::SyntaxChecker::createAssignResolve):
2142         (JSC::SyntaxChecker::createFunctionExpr):
2143         (JSC::SyntaxChecker::createFunctionBody):
2144         (JSC::SyntaxChecker::createArguments):
2145         (JSC::SyntaxChecker::createArgumentsList):
2146         (JSC::SyntaxChecker::createProperty):
2147         (JSC::SyntaxChecker::createPropertyList):
2148         (JSC::SyntaxChecker::createFuncDeclStatement):
2149         (JSC::SyntaxChecker::createBlockStatement):
2150         (JSC::SyntaxChecker::createExprStatement):
2151         (JSC::SyntaxChecker::createIfStatement):
2152         (JSC::SyntaxChecker::createForLoop):
2153         (JSC::SyntaxChecker::createForInLoop):
2154         (JSC::SyntaxChecker::createEmptyStatement):
2155         (JSC::SyntaxChecker::createVarStatement):
2156         (JSC::SyntaxChecker::createReturnStatement):
2157         (JSC::SyntaxChecker::createBreakStatement):
2158         (JSC::SyntaxChecker::createContinueStatement):
2159         (JSC::SyntaxChecker::createTryStatement):
2160         (JSC::SyntaxChecker::createSwitchStatement):
2161         (JSC::SyntaxChecker::createWhileStatement):
2162         (JSC::SyntaxChecker::createWithStatement):
2163         (JSC::SyntaxChecker::createDoWhileStatement):
2164         (JSC::SyntaxChecker::createLabelStatement):
2165         (JSC::SyntaxChecker::createThrowStatement):
2166         (JSC::SyntaxChecker::createDebugger):
2167         (JSC::SyntaxChecker::createConstStatement):
2168         (JSC::SyntaxChecker::appendConstDecl):
2169         (JSC::SyntaxChecker::createGetterOrSetterProperty):
2170         (JSC::SyntaxChecker::combineCommaNodes):
2171         (JSC::SyntaxChecker::operatorStackPop):
2172         * runtime/Executable.cpp:
2173         (JSC::EvalExecutable::compileInternal):
2174         (JSC::ProgramExecutable::checkSyntax):
2175         (JSC::ProgramExecutable::compileInternal):
2176         (JSC::FunctionExecutable::produceCodeBlockFor):
2177         (JSC::FunctionExecutable::fromGlobalCode):
2178         * runtime/JSGlobalData.cpp:
2179         (JSC::JSGlobalData::JSGlobalData):
2180         (JSC::JSGlobalData::~JSGlobalData):
2181         * runtime/JSGlobalData.h:
2182         * runtime/LiteralParser.cpp:
2183         (JSC::LiteralParser::tryJSONPParse):
2184
2185 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
2186
2187         REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
2188         https://bugs.webkit.org/show_bug.cgi?id=71227
2189
2190         Reviewed by Oliver Hunt.
2191         
2192         No new tests, since while I can see exactly where the DFG went wrong on the
2193         site in question from looking at the generated machine code, and while I can
2194         certainly believe that such a scenario would happen, I cannot visualize how
2195         to make it happen reproducibly. It requires an odd combination of double
2196         values getting spilled and then refilled, but then reboxed at just the right
2197         time so that the spilled value is an unboxed double while the in-register
2198         value is a boxed double.
2199
2200         * dfg/DFGJITCodeGenerator.h:
2201         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2202
2203 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2204
2205         JSParser::parsePrimaryExpression should have an overflow check
2206         https://bugs.webkit.org/show_bug.cgi?id=71197
2207
2208         Reviewed by Geoff Garen.
2209
2210         * parser/JSParser.cpp:
2211         (JSC::JSParser::parsePrimaryExpression):
2212
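The entry gives only the bug title. What an overflow check in a recursive-descent parser looks like is shown by the added example below, which is not JSC's parser: it parses nested array literals and refuses input nested deeper than a limit, using a DepthManager-style RAII guard in the spirit of the JSC::Parser::DepthManager and canRecurse names listed in the Parser.h entry above. The grammar, the default limit of 64 and every name here are assumptions.

```cpp
// Added example, not JSC code: a recursive-descent parser whose recursion
// depth is bounded, so attacker-controlled nesting fails the parse instead of
// exhausting the native stack.
#include <cstddef>
#include <string>

struct ParseResult {
    bool ok;
    int maxDepth;       // deepest nesting level reached
    std::string error;  // empty on success
};

class ArrayParser {
public:
    ArrayParser(const std::string& src, int maxDepth)
        : m_src(src), m_pos(0), m_depth(0), m_deepest(0), m_maxDepth(maxDepth) {}

    ParseResult parse()
    {
        ParseResult r = { false, 0, "" };
        if (!parseValue()) { r.error = m_error; return r; }
        if (m_pos != m_src.size()) { r.error = "trailing characters"; return r; }
        r.ok = true;
        r.maxDepth = m_deepest;
        return r;
    }

private:
    // RAII guard: restores the depth counter on every exit path of parseValue(),
    // including the early returns on error.
    class DepthManager {
    public:
        explicit DepthManager(int* depth) : m_depth(depth), m_saved(*depth) {}
        ~DepthManager() { *m_depth = m_saved; }
    private:
        int* m_depth;
        int m_saved;
    };

    bool canRecurse() const { return m_depth < m_maxDepth; }

    bool parseValue()
    {
        DepthManager guard(&m_depth);
        // The overflow check: "[[[[..." must fail here, not on the native stack.
        if (!canRecurse()) { m_error = "nesting too deep"; return false; }
        ++m_depth;
        if (m_depth > m_deepest) m_deepest = m_depth;
        if (m_pos >= m_src.size()) { m_error = "unexpected end of input"; return false; }
        char c = m_src[m_pos];
        if (c == '[') return parseArray();
        if (c >= '0' && c <= '9') {
            while (m_pos < m_src.size() && m_src[m_pos] >= '0' && m_src[m_pos] <= '9') ++m_pos;
            return true;
        }
        m_error = "unexpected character";
        return false;
    }

    bool parseArray()
    {
        ++m_pos; // consume '['
        if (m_pos < m_src.size() && m_src[m_pos] == ']') { ++m_pos; return true; }
        for (;;) {
            if (!parseValue()) return false; // recursion, bounded by parseValue's check
            if (m_pos >= m_src.size()) { m_error = "unterminated array"; return false; }
            if (m_src[m_pos] == ',') { ++m_pos; continue; }
            if (m_src[m_pos] == ']') { ++m_pos; return true; }
            m_error = "expected ',' or ']'";
            return false;
        }
    }

    std::string m_src;
    size_t m_pos;
    int m_depth;
    int m_deepest;
    int m_maxDepth;
    std::string m_error;
};

const int kDefaultMaxDepth = 64; // assumed limit; JSC's actual value is not on this page

ParseResult parseNestedArrays(const std::string& src, int maxDepth = kDefaultMaxDepth)
{
    ArrayParser parser(src, maxDepth);
    return parser.parse();
}
```

An input of a hundred thousand '[' characters fails cleanly at depth 64 instead of consuming a hundred thousand pairs of parseValue/parseArray frames, which is the difference between a syntax error and a crash in any engine that parses untrusted source.
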
2213 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2214
2215         DFG ValueAdd(string, int) should not fail speculation
2216         https://bugs.webkit.org/show_bug.cgi?id=71195
2217
2218         Reviewed by Geoff Garen.
2219         
2220         1% speed-up on V8.
2221
2222         * dfg/DFGNode.h:
2223         (JSC::DFG::Node::shouldNotSpeculateInteger):
2224         (JSC::DFG::Node::shouldSpeculateInteger):
2225
2226 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2227
2228         The DFG inliner should not flush the callee
2229         https://bugs.webkit.org/show_bug.cgi?id=71191
2230
2231         Reviewed by Oliver Hunt.
2232         
2233         0.6% speed-up on V8.
2234
2235         * bytecode/CodeBlock.cpp:
2236         (JSC::CodeBlock::visitAggregate):
2237         * bytecode/CodeOrigin.h:
2238         * dfg/DFGByteCodeParser.cpp:
2239         (JSC::DFG::ByteCodeParser::flush):
2240         (JSC::DFG::ByteCodeParser::handleInlining):
2241         (JSC::DFG::ByteCodeParser::parseBlock):
2242         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2243         (JSC::DFG::ByteCodeParser::parse):
2244         * dfg/DFGJITCompiler.cpp:
2245         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2246         * dfg/DFGJITCompiler32_64.cpp:
2247         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2248         * interpreter/CallFrame.cpp:
2249         (JSC::CallFrame::trueCallerFrameSlow):
2250
2251 2011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
2252
2253         De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
2254         https://bugs.webkit.org/show_bug.cgi?id=70968
2255
2256         Reviewed by Geoffrey Garen.
2257
2258         * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
2259         TypeInfo.  Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that
2260         needed it, because Windows wouldn't build without it.
2261         (JSC::::createStructure):
2262         * API/JSCallbackObject.h:
2263         * JavaScriptCore.exp:
2264         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2265         * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
2266         (JSC::ErrorInstance::createStructure):
2267         * runtime/ErrorPrototype.h: Ditto
2268         (JSC::ErrorPrototype::createStructure):
2269         * runtime/JSActivation.h: Ditto
2270         (JSC::JSActivation::createStructure):
2271         * runtime/JSGlobalObject.h: Ditto
2272         (JSC::JSGlobalObject::createStructure):
2273         * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
2274         (JSC::JSObject::isGlobalObject):
2275         (JSC::JSObject::isVariableObject):
2276         (JSC::JSObject::isActivationObject):
2277         (JSC::JSObject::isErrorInstance):
2278         * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
2279         * runtime/JSVariableObject.cpp: Removed virtual function.
2280         * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
2281         (JSC::JSVariableObject::createStructure):
2282
2283 2011-10-28  Pavel Feldman  <pfeldman@google.com>
2284
2285         Reset line numbers for scripts generated with document.write.
2286         https://bugs.webkit.org/show_bug.cgi?id=71099
2287
2288         Reviewed by Yury Semikhatsky.
2289
2290         * wtf/text/TextPosition.h:
2291         (WTF::OrdinalNumber::OrdinalNumber):
2292
2293 2011-10-27  Daniel Bates  <dbates@rim.com>
2294
2295         CMake: Add support to optionally install the built JavaScript shell
2296         https://bugs.webkit.org/show_bug.cgi?id=71062
2297
2298         Reviewed by Antonio Gomes.
2299
2300         Generate an installation rule for installing the JavaScript shell in
2301         /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
2302         is defined.
2303
2304         * shell/CMakeLists.txt:
2305
2306 2011-10-27  Kentaro Hara  <haraken@chromium.org>
2307
2308         Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
2309         https://bugs.webkit.org/show_bug.cgi?id=70215
2310
2311         Reviewed by Adam Barth.
2312
2313         Added a method that judges if a given JSValue is empty.
2314
2315         Tests: transforms/svg-vs-css.xhtml
2316                transforms/cssmatrix-2d-interface.xhtml
2317                transforms/cssmatrix-3d-interface.xhtml
2318
2319         * runtime/JSValue.h:
2320         * runtime/JSValueInlineMethods.h:
2321         (JSC::JSValue::isEmpty):
2322
2323 2011-10-27  Michael Saboff  <msaboff@apple.com>
2324
2325         ENH: Add 8 bit string support to JSC JIT
2326         https://bugs.webkit.org/show_bug.cgi?id=71073
2327
2328         Changed the JIT String character access generation to create code
2329         to check the character size and load8() or load16() as appropriate.
2330
2331         Reviewed by Gavin Barraclough.
2332
2333         * assembler/MacroAssemblerX86Common.h:
2334         (JSC::MacroAssemblerX86Common::load8):
2335         * assembler/X86Assembler.h:
2336         (JSC::X86Assembler::movzbl_mr):
2337         * dfg/DFGSpeculativeJIT.cpp:
2338         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
2339         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2340         * jit/JITInlineMethods.h:
2341         (JSC::JIT::emitLoadCharacterString):
2342         * jit/JITPropertyAccess.cpp:
2343         (JSC::JIT::stringGetByValStubGenerator):
2344         * jit/JITPropertyAccess32_64.cpp:
2345         (JSC::JIT::stringGetByValStubGenerator):
2346         * jit/JSInterfaceJIT.h:
2347         (JSC::ThunkHelpers::stringImplFlagsOffset):
2348         (JSC::ThunkHelpers::stringImpl8BitFlag):
2349         * jit/ThunkGenerators.cpp:
2350         (JSC::stringCharLoad):
2351
2352 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
2353
2354         If the bytecode generator emits code after the return in the first basic block,
2355         DFG's inliner crashes
2356         https://bugs.webkit.org/show_bug.cgi?id=71071
2357
2358         Reviewed by Gavin Barraclough.
2359         
2360         Removed some cruft dealing with parsing failures due to unsupported functionality
2361         (that's never reached anymore due to it being caught in DFGCapabilities). This
2362         allowed me to repurpose the bool return from parseBlock() to mean: true if we
2363         should continue to parse, or false if we've already parsed all live code.
2364
2365         * dfg/DFGByteCodeParser.cpp:
2366         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2367         (JSC::DFG::ByteCodeParser::parseBlock):
2368         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2369
2370 2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2371
2372         Reviewed by David Kilzer.
2373
2374         Make FeatureDefines Identical Across OS X Projects
2375         https://bugs.webkit.org/show_bug.cgi?id=71051
2376
2377         * Configurations/FeatureDefines.xcconfig:
2378
2379 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
2380
2381         Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
2382         https://bugs.webkit.org/show_bug.cgi?id=71045
2383
2384         Reviewed by Geoff Garen.
2385         
2386         Make sure that if a structure is pinned, it also has a property map.
2387
2388         * runtime/Structure.cpp:
2389         (JSC::Structure::changePrototypeTransition):
2390         (JSC::Structure::despecifyFunctionTransition):
2391         (JSC::Structure::getterSetterTransition):
2392         (JSC::Structure::toDictionaryTransition):
2393         (JSC::Structure::preventExtensionsTransition):
2394         (JSC::Structure::addPropertyWithoutTransition):
2395         (JSC::Structure::removePropertyWithoutTransition):
2396         (JSC::Structure::pin):
2397         (JSC::Structure::copyPropertyTableForPinning):
2398         * runtime/Structure.h:
2399         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
2400
2401 2011-10-27  Michael Saboff  <msaboff@apple.com>
2402
2403         32bit build failure after r98624
2404         https://bugs.webkit.org/show_bug.cgi?id=71064
2405
2406         Disambiguated operator overload with unsigned index (0u).
2407
2408         Reviewed by Sam Weinig.
2409
2410         * runtime/UString.h:
2411         (JSC::operator==):
2412
2413 2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
2414
2415         Fix building on GNU/kFreeBSD
2416         https://bugs.webkit.org/show_bug.cgi?id=71005
2417
2418         Reviewed by Darin Adler.
2419
2420         * config.h:
2421         * wtf/Platform.h:
2422
2423 2011-10-27  Michael Saboff  <msaboff@apple.com>
2424
2425         Investigate storing strings in 8-bit buffers when possible
2426         https://bugs.webkit.org/show_bug.cgi?id=66161
2427
2431         Added support for 8 bit string data in StringImpl.  Changed
2432         (UChar*) m_data to m_data16.  Added char* m_data8 as a union
2433         with m_data16.  Added UChar* m_copyData16 to the other union
2434         to store a 16 bit copy of an 8 bit string when needed.
2435         Added characters8() and characters16() accessor methods
2436         that assume the caller has checked the underlying string type
2437         via the new is8Bit() method. The characters() method will
2438         return a UChar* of the string, materializing a 16 bit copy if the
2439         string is an 8 bit string.  Added two flags, one for 8 bit buffer
2440         and a second for a 16 bit copy for an 8 bit string.
2441
2442         Fixed method name typo (StringHasher::defaultCoverter()).
2443
2444         Over time the goal is to eliminate calls to characters() and
2445         use the characters8() and characters16() accessors.
2446
2447         This patch does not include changes that actually create 8 bit
2448         strings. This is the first of at least 8 patches.  Subsequent
2449         patches will be submitted for JIT changes, making the JSC lexer,
2450         parser and literal parser, JavaScript string changes and
2451         then changes in webcore to take advantage of the 8 bit strings.
2452
2453         This change is performance neutral for SunSpider and V8 when
2454         run from the command line with "jsc".
2455
2456         Reviewed by Geoffrey Garen.
2457
2458         * JavaScriptCore.exp:
2459         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2460         * interpreter/Interpreter.cpp:
2461         (JSC::Interpreter::callEval):
2462         * parser/SourceProvider.h:
2463         (JSC::UStringSourceProvider::data):
2464         (JSC::UStringSourceProvider::UStringSourceProvider):
2465         * runtime/Identifier.cpp:
2466         (JSC::IdentifierCStringTranslator::hash):
2467         (JSC::IdentifierCStringTranslator::equal):
2468         (JSC::IdentifierCStringTranslator::translate):
2469         (JSC::Identifier::add):
2470         (JSC::Identifier::toUInt32):
2471         * runtime/Identifier.h:
2472         (JSC::Identifier::equal):
2473         (JSC::operator==):
2474         (JSC::operator!=):
2475         * runtime/JSString.cpp:
2476         (JSC::JSString::resolveRope):
2477         (JSC::JSString::resolveRopeSlowCase):
2478         * runtime/RegExp.cpp:
2479         (JSC::RegExp::match):
2480         * runtime/StringPrototype.cpp:
2481         (JSC::jsSpliceSubstringsWithSeparators):
2482         * runtime/UString.cpp:
2483         (JSC::UString::UString):
2484         (JSC::equalSlowCase):
2485         (JSC::UString::utf8):
2486         * runtime/UString.h:
2487         (JSC::UString::characters):
2488         (JSC::UString::characters8):
2489         (JSC::UString::characters16):
2490         (JSC::UString::is8Bit):
2491         (JSC::UString::operator[]):
2492         (JSC::UString::find):
2493         (JSC::operator==):
2494         * wtf/StringHasher.h:
2495         (WTF::StringHasher::computeHash):
2496         (WTF::StringHasher::defaultConverter):
2497         * wtf/text/AtomicString.cpp:
2498         (WTF::CStringTranslator::hash):
2499         (WTF::CStringTranslator::equal):
2500         (WTF::CStringTranslator::translate):
2501         (WTF::AtomicString::add):
2502         * wtf/text/AtomicString.h:
2503         (WTF::AtomicString::AtomicString):
2504         (WTF::AtomicString::contains):
2505         (WTF::AtomicString::find):
2506         (WTF::AtomicString::add):
2507         (WTF::operator==):
2508         (WTF::operator!=):
2509         (WTF::equalIgnoringCase):
2510         * wtf/text/StringConcatenate.h:
2511         * wtf/text/StringHash.h:
2512         (WTF::StringHash::equal):
2513         (WTF::CaseFoldingHash::hash):
2514         * wtf/text/StringImpl.cpp:
2515         (WTF::StringImpl::~StringImpl):
2516         (WTF::StringImpl::createUninitialized):
2517         (WTF::StringImpl::create):
2518         (WTF::StringImpl::getData16SlowCase):
2519         (WTF::StringImpl::containsOnlyWhitespace):
2520         (WTF::StringImpl::substring):
2521         (WTF::StringImpl::characterStartingAt):
2522         (WTF::StringImpl::lower):
2523         (WTF::StringImpl::upper):
2524         (WTF::StringImpl::fill):
2525         (WTF::StringImpl::foldCase):
2526         (WTF::StringImpl::stripMatchedCharacters):
2527         (WTF::StringImpl::removeCharacters):
2528         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
2529         (WTF::StringImpl::toIntStrict):
2530         (WTF::StringImpl::toUIntStrict):
2531         (WTF::StringImpl::toInt64Strict):
2532         (WTF::StringImpl::toUInt64Strict):
2533         (WTF::StringImpl::toIntPtrStrict):
2534         (WTF::StringImpl::toInt):
2535         (WTF::StringImpl::toUInt):
2536         (WTF::StringImpl::toInt64):
2537         (WTF::StringImpl::toUInt64):
2538         (WTF::StringImpl::toIntPtr):
2539         (WTF::StringImpl::toDouble):
2540         (WTF::StringImpl::toFloat):
2541         (WTF::equal):
2542         (WTF::equalIgnoringCase):
2543         (WTF::StringImpl::find):
2544         (WTF::StringImpl::findIgnoringCase):
2545         (WTF::StringImpl::reverseFind):
2546         (WTF::StringImpl::replace):
2547         (WTF::StringImpl::defaultWritingDirection):
2548         (WTF::StringImpl::adopt):
2549         (WTF::StringImpl::createWithTerminatingNullCharacter):
2550         * wtf/text/StringImpl.h:
2551         (WTF::StringImpl::StringImpl):
2552         (WTF::StringImpl::create):
2553         (WTF::StringImpl::create8):
2554         (WTF::StringImpl::tryCreateUninitialized):
2555         (WTF::StringImpl::flagsOffset):
2556         (WTF::StringImpl::flagIs8Bit):
2557         (WTF::StringImpl::dataOffset):
2558         (WTF::StringImpl::is8Bit):
2559         (WTF::StringImpl::characters8):
2560         (WTF::StringImpl::characters16):
2561         (WTF::StringImpl::characters):
2562         (WTF::StringImpl::has16BitShadow):
2563         (WTF::StringImpl::setHash):
2564         (WTF::StringImpl::hash):
2565         (WTF::StringImpl::copyChars):
2566         (WTF::StringImpl::operator[]):
2567         (WTF::StringImpl::find):
2568         (WTF::StringImpl::findIgnoringCase):
2569         (WTF::equal):
2570         (WTF::equalIgnoringCase):
2571         (WTF::StringImpl::isolatedCopy):
2572         * wtf/text/WTFString.cpp:
2573         (WTF::String::String):
2574         (WTF::String::append):
2575         (WTF::String::format):
2576         (WTF::String::fromUTF8):
2577         (WTF::String::fromUTF8WithLatin1Fallback):
2578         * wtf/text/WTFString.h:
2579         (WTF::String::find):
2580         (WTF::String::findIgnoringCase):
2581         (WTF::String::contains):
2582         (WTF::String::append):
2583         (WTF::String::fromUTF8):
2584         (WTF::String::fromUTF8WithLatin1Fallback):
2585         (WTF::operator==):
2586         (WTF::operator!=):
2587         (WTF::equalIgnoringCase):
2588         * wtf/unicode/Unicode.h:
2589         * yarr/YarrJIT.cpp:
2590         (JSC::Yarr::execute):
2591         * yarr/YarrJIT.h:
2592         (JSC::Yarr::YarrCodeBlock::execute):
2593         * yarr/YarrParser.h:
2594         (JSC::Yarr::Parser::Parser):
2595
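The two Michael Saboff entries above (the JIT's load8()/load16() character access and the StringImpl 8-bit storage change) describe a data layout but show no code. As an added illustration, not WebKit's StringImpl or JIT code, the class below mirrors that description: a union of 8-bit and 16-bit buffer pointers, an is8Bit() flag, narrow characters8()/characters16() accessors that assert the caller checked the width, a characters() accessor that materialises a 16-bit shadow once and records it in a flag, and a width-aware operator[] that makes the same flag test the JIT stub emits before choosing an 8- or 16-bit load. The class name, the flag bit positions, and the create() helper that picks the narrow form when every code unit fits in Latin-1 (a step the entry explicitly defers to later patches) are this example's own.

```cpp
#include <cassert>
#include <cstdint>
#include <cstring>
#include <memory>
#include <vector>

typedef uint8_t  LChar;   // Latin-1 code unit (8-bit buffer)
typedef uint16_t UChar;   // UTF-16 code unit (16-bit buffer)

// Assumed mirror of the layout the entry describes (not WebKit's StringImpl).
class MiniStringImpl {
public:
    static const unsigned s_flag8BitBuffer     = 1u << 0;  // union holds m_data8
    static const unsigned s_flagHas16BitShadow = 1u << 1;  // m_copyData16 is valid

    static std::unique_ptr<MiniStringImpl> create8(const LChar* latin1, unsigned length)
    {
        std::unique_ptr<MiniStringImpl> s(new MiniStringImpl);
        s->m_length = length;
        s->m_store8.assign(latin1, latin1 + length);
        s->m_data8 = s->m_store8.data();
        s->m_flags = s_flag8BitBuffer;
        return s;
    }
    static std::unique_ptr<MiniStringImpl> create8(const char* latin1)
    {
        return create8(reinterpret_cast<const LChar*>(latin1), static_cast<unsigned>(std::strlen(latin1)));
    }
    static std::unique_ptr<MiniStringImpl> create16(const UChar* utf16, unsigned length)
    {
        std::unique_ptr<MiniStringImpl> s(new MiniStringImpl);
        s->m_length = length;
        s->m_store16.assign(utf16, utf16 + length);
        s->m_data16 = s->m_store16.data();
        s->m_flags = 0;
        return s;
    }
    // Beyond the entry: produce the 8-bit form whenever every unit fits in Latin-1.
    static std::unique_ptr<MiniStringImpl> create(const UChar* utf16, unsigned length)
    {
        for (unsigned i = 0; i < length; ++i) {
            if (utf16[i] > 0xFF)
                return create16(utf16, length);
        }
        std::vector<LChar> narrow(utf16, utf16 + length);
        return create8(narrow.data(), length);
    }

    bool is8Bit() const { return (m_flags & s_flag8BitBuffer) != 0; }
    bool has16BitShadow() const { return (m_flags & s_flagHas16BitShadow) != 0; }
    unsigned length() const { return m_length; }

    // Narrow accessors: the caller must have checked is8Bit() first. The union
    // means the same pointer would otherwise be read at the wrong stride.
    const LChar* characters8() const { assert(is8Bit()); return m_data8; }
    const UChar* characters16() const { assert(!is8Bit()); return m_data16; }

    // Wide accessor: always UTF-16. An 8-bit string is widened (zero-extended)
    // into a shadow buffer once; the flag makes later calls reuse it.
    const UChar* characters()
    {
        if (!is8Bit())
            return m_data16;
        if (!has16BitShadow()) {
            m_copyData16.assign(m_data8, m_data8 + m_length);
            m_flags |= s_flagHas16BitShadow;
        }
        return m_copyData16.data();
    }

    // One code unit: the flag test followed by load8() or load16(), as the
    // JIT's string character access stub does inline.
    UChar operator[](unsigned i) const
    {
        assert(i < m_length);
        return is8Bit() ? static_cast<UChar>(m_data8[i]) : m_data16[i];
    }

private:
    MiniStringImpl() : m_length(0), m_flags(0), m_data8(nullptr) {}
    MiniStringImpl(const MiniStringImpl&) = delete;            // union points into own storage
    MiniStringImpl& operator=(const MiniStringImpl&) = delete;

    unsigned m_length;
    unsigned m_flags;
    union {
        const LChar* m_data8;
        const UChar* m_data16;
    };
    std::vector<LChar> m_store8;      // backing store when is8Bit()
    std::vector<UChar> m_store16;     // backing store otherwise
    std::vector<UChar> m_copyData16;  // lazily built 16-bit shadow of an 8-bit string
};

// Equality without materialising a shadow: compare unit by unit, widening 8-bit
// units on the fly.
bool equal(const MiniStringImpl& a, const MiniStringImpl& b)
{
    if (a.length() != b.length())
        return false;
    for (unsigned i = 0; i < a.length(); ++i) {
        if (a[i] != b[i])
            return false;
    }
    return true;
}
```

The assertions in characters8() and characters16() are the check that matters: with a union, the flag is the only thing that says whether the bytes at the pointer are one or two per unit, so any caller that guesses the width instead of asking is8Bit() reads the buffer at the wrong stride. Equality is written so that it never forces the 16-bit copy, which is the direction the entry says later patches will take ("eliminate calls to characters()").
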
2596 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2597
2598         Fixing windows build
2599
2600         Unreviewed build fix
2601
2602         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2603
2604 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2605
2606         Add ability to check for presence of static members at compile time
2607         https://bugs.webkit.org/show_bug.cgi?id=70986
2608
2609         Reviewed by Geoffrey Garen.
2610
2611         Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
2612         HAS_MEMBER_NAMED macro to use that template to check if the specified class 
2613         does indeed have a method with that name.  This mechanism is not currently 
2614         used anywhere, but will be in the future when adding virtual methods from 
2615         JSObject to the MethodTable.
2616
2617         * runtime/ClassInfo.h:
2618
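The entry above names the macros but the page does not show their definitions. As an added example (not the CREATE_MEMBER_CHECKER / HAS_MEMBER_NAMED macros from ClassInfo.h themselves), this is the SFINAE idiom such a macro pair wraps, together with one way it can guard a method-table-style struct of static function pointers; the MethodTable, Object and StrictObject types are invented for the illustration.

```cpp
#include <cassert>
#include <type_traits>

// Generates a trait HasMember_<name><T> that is true when &T::<name> is a
// well-formed expression (static or non-static member). Substitution failure
// in the first overload is not an error; it just leaves the catch-all.
#define CREATE_MEMBER_CHECKER(member)                                            \
    template <typename T>                                                        \
    struct HasMember_##member {                                                  \
        template <typename U> static std::true_type test(decltype(&U::member)*); \
        template <typename U> static std::false_type test(...);                  \
        static const bool value =                                                \
            std::is_same<decltype(test<T>(0)), std::true_type>::value;           \
    };

#define HAS_MEMBER_NAMED(Class, member) (HasMember_##member<Class>::value)

CREATE_MEMBER_CHECKER(put)
CREATE_MEMBER_CHECKER(deleteProperty)
CREATE_MEMBER_CHECKER(toThisObject)

// Stand-in for the MethodTable idea: static-function pointers taken from a
// class. The checks turn a forgotten static into a compile error at the
// table, rather than a silent fall-through to a base-class implementation.
struct Object;
struct MethodTable {
    bool (*put)(Object*, int key, int value);
    bool (*deleteProperty)(Object*, int key);
};

struct Object {
    static bool put(Object*, int, int) { return true; }
    static bool deleteProperty(Object*, int) { return false; }
};

struct StrictObject : Object {
    // Overrides put; inherits deleteProperty from Object.
    static bool put(Object*, int key, int value) { return key == value; }
};

template <typename T>
MethodTable makeMethodTable()
{
    static_assert(HAS_MEMBER_NAMED(T, put), "class must provide a static put");
    static_assert(HAS_MEMBER_NAMED(T, deleteProperty), "class must provide a static deleteProperty");
    MethodTable table = { &T::put, &T::deleteProperty };
    return table;
}

bool objectHasPut()          { return HAS_MEMBER_NAMED(Object, put); }
bool objectHasToThisObject() { return HAS_MEMBER_NAMED(Object, toThisObject); }
```

The trait only answers whether a member with that name exists; a non-static member of the same name also satisfies it, and is then rejected one line later when its pointer-to-member fails to convert into the table's function pointer. Either way the mismatch is caught at compile time, which is the point of checking before taking the address.
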
2619 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2620
2621         De-virtualize JSCell::toThisObject
2622         https://bugs.webkit.org/show_bug.cgi?id=70958
2623
2624         Reviewed by Geoffrey Garen.
2625
2626         Converted all instances of toThisObject to static functions, 
2627         added toThisObject to the MethodTable, and replaced all call sites
2628         with a corresponding lookup in the MethodTable.
2629
2630         * API/JSContextRef.cpp:
2631         * JavaScriptCore.exp:
2632         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2633         * runtime/ClassInfo.h:
2634         * runtime/JSActivation.cpp:
2635         (JSC::JSActivation::toThisObject):
2636         * runtime/JSActivation.h:
2637         * runtime/JSCell.cpp:
2638         (JSC::JSCell::toThisObject):
2639         * runtime/JSCell.h:
2640         * runtime/JSObject.cpp:
2641         (JSC::JSObject::put):
2642         (JSC::JSObject::toThisObject):
2643         * runtime/JSObject.h:
2644         (JSC::JSValue::toThisObject):
2645         * runtime/JSStaticScopeObject.cpp:
2646         (JSC::JSStaticScopeObject::toThisObject):
2647         * runtime/JSStaticScopeObject.h:
2648         * runtime/JSString.cpp:
2649         (JSC::JSString::toThisObject):
2650         * runtime/JSString.h:
2651         * runtime/StrictEvalActivation.cpp:
2652         (JSC::StrictEvalActivation::toThisObject):
2653         * runtime/StrictEvalActivation.h:
2654
2655 2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
2656
2657         Fix a small bug in callOperation after r98431
2658         https://bugs.webkit.org/show_bug.cgi?id=70984
2659
2660         Reviewed by Geoffrey Garen.
2661
2662         TrustedImmPtr is not expecting "int" type parameters.
2663
2664         * dfg/DFGJITCodeGenerator.h:
2665         (JSC::DFG::callOperation):
2666
2667 2011-10-26  Oliver Hunt  <oliver@apple.com>
2668
2669         Restore structure-clearing behaviour of allocateCell<>
2670         https://bugs.webkit.org/show_bug.cgi?id=70976
2671
2672         Reviewed by Geoffrey Garen.
2673
2674         This restores the logic that allows the markstack to filter
2675         live objects that have not yet been initialised.
2676
2677         * runtime/JSCell.h:
2678         (JSC::JSCell::clearStructure):
2679            Validation-safe method to clear a cell's structure.
2680         (JSC::allocateCell):
2681            Call the above method.
2682         * runtime/Structure.h:
2683         (JSC::MarkStack::internalAppend):
2684            Don't visit cells that haven't been initialised.
2685
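The Mark Hahnenberg entry above on de-virtualizing isGlobalObject() and friends, and the Oliver Hunt entry just above on clearing a cell's structure at allocation, both turn on the Structure pointer a cell carries. The following added example (not JSC's classes; Cell, Heap, the tag values and the mark loop are invented for the illustration) shows both: type queries answered from a JSType tag in the Structure's TypeInfo instead of a virtual call, and a mark routine that declines to visit a cell whose Structure is still null.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

enum JSType {
    ObjectType = 1,
    GlobalObjectType,
    ActivationObjectType,
    ErrorInstanceType
};

struct TypeInfo {
    JSType type;
};

struct Structure {
    TypeInfo info;
    explicit Structure(JSType t) { info.type = t; }
};

struct Cell {
    Structure* m_structure;
    bool m_marked;
    std::vector<Cell*> children;  // outgoing references the mark stack follows

    // finishCreation installs the Structure; until then the cell is unusable.
    void finishCreation(Structure* s) { m_structure = s; }
    Structure* structure() const { return m_structure; }
    bool isMarked() const { return m_marked; }

    // Non-virtual queries: one load of the tag and a compare. Every class that
    // is a global object must put GlobalObjectType in its Structure, or this
    // answers "no" for it; there is no vtable to fall back on.
    bool isGlobalObject() const { return structure()->info.type == GlobalObjectType; }
    bool isActivationObject() const { return structure()->info.type == ActivationObjectType; }
    bool isErrorInstance() const { return structure()->info.type == ErrorInstanceType; }
    // JSGlobalObject and JSActivation both derive from JSVariableObject in JSC,
    // so a variable-object query has to accept both tags.
    bool isVariableObject() const { return isGlobalObject() || isActivationObject(); }
};

struct Heap {
    std::vector<Cell*> cells;

    // allocateCell analogue: hand back storage with its Structure cleared, so the
    // collector can tell "allocated, constructor not run yet" from a live cell.
    Cell* allocateCell()
    {
        Cell* c = new Cell;
        c->m_structure = nullptr;
        c->m_marked = false;
        cells.push_back(c);
        return c;
    }
    ~Heap()
    {
        for (size_t i = 0; i < cells.size(); ++i)
            delete cells[i];
    }
};

// MarkStack::internalAppend analogue: a cell with no Structure has no TypeInfo
// to consult and no initialised fields to trace, so it is skipped rather than
// read. Returns the number of cells marked.
unsigned markReachable(const std::vector<Cell*>& roots)
{
    std::vector<Cell*> stack;
    unsigned marked = 0;
    auto append = [&](Cell* c) {
        if (!c || !c->structure())
            return;                 // uninitialised: do not visit
        if (c->m_marked)
            return;
        c->m_marked = true;
        ++marked;
        stack.push_back(c);
    };
    for (size_t i = 0; i < roots.size(); ++i)
        append(roots[i]);
    while (!stack.empty()) {
        Cell* c = stack.back();
        stack.pop_back();
        for (size_t i = 0; i < c->children.size(); ++i)
            append(c->children[i]);
    }
    return marked;
}
```

The null Structure is doing real work here: if allocateCell handed back whatever stale pointer was in the slot, a collection that ran while a constructor was still in progress would read a TypeInfo and child list that belong to nothing, which is exactly the state the restored clearing avoids.
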
2686 2011-10-26  Filip Pizlo  <fpizlo@apple.com>
2687
2688         REGRESSION (r97030): Cannot log in to progressive.com
2689         https://bugs.webkit.org/show_bug.cgi?id=70094
2690
2691         Reviewed by Oliver Hunt.
2692
2693         * dfg/DFGByteCodeParser.cpp:
2694         (JSC::DFG::ByteCodeParser::handleCall):
2695
2696 2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
2697
2698         Remove getOwnPropertySlotVirtual
2699         https://bugs.webkit.org/show_bug.cgi?id=70741
2700
2701         Reviewed by Geoffrey Garen.
2702
2703         Removed all declarations and definitions of getOwnPropertySlotVirtual.
2704         Also replaced all call sites to getOwnPropertySlotVirtual with a 
2705         corresponding lookup in the MethodTable.
2706
2707         * API/JSCallbackObject.h:
2708         * API/JSCallbackObjectFunctions.h:
2709         (JSC::::getOwnPropertyDescriptor):
2710         * JavaScriptCore.exp:
2711         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2712         * debugger/DebuggerActivation.cpp:
2713         (JSC::DebuggerActivation::getOwnPropertySlot):
2714         * debugger/DebuggerActivation.h:
2715         * runtime/Arguments.cpp:
2716         * runtime/Arguments.h:
2717         * runtime/ArrayConstructor.cpp:
2718         * runtime/ArrayConstructor.h:
2719         * runtime/ArrayPrototype.cpp:
2720         * runtime/ArrayPrototype.h:
2721         * runtime/BooleanPrototype.cpp:
2722         * runtime/BooleanPrototype.h:
2723         * runtime/DateConstructor.cpp:
2724         * runtime/DateConstructor.h:
2725         * runtime/DatePrototype.cpp:
2726         * runtime/DatePrototype.h:
2727         (JSC::DatePrototype::create):
2728         * runtime/ErrorPrototype.cpp:
2729         * runtime/ErrorPrototype.h:
2730         * runtime/JSActivation.cpp:
2731         * runtime/JSActivation.h:
2732         * runtime/JSArray.cpp:
2733         (JSC::JSArray::getOwnPropertySlotByIndex):
2734         * runtime/JSArray.h:
2735         * runtime/JSByteArray.cpp:
2736         * runtime/JSByteArray.h:
2737         * runtime/JSCell.cpp:
2738         * runtime/JSCell.h:
2739         * runtime/JSFunction.cpp:
2740         (JSC::JSFunction::getOwnPropertyDescriptor):
2741         (JSC::JSFunction::getOwnPropertyNames):
2742         (JSC::JSFunction::put):
2743         * runtime/JSFunction.h:
2744         * runtime/JSGlobalObject.cpp:
2745         * runtime/JSGlobalObject.h:
2746         * runtime/JSNotAnObject.cpp:
2747         * runtime/JSNotAnObject.h:
2748         * runtime/JSONObject.cpp:
2749         (JSC::Stringifier::Holder::appendNextProperty):
2750         (JSC::Walker::walk):
2751         * runtime/JSONObject.h:
2752         * runtime/JSObject.cpp:
2753         (JSC::JSObject::getOwnPropertySlotByIndex):
2754         (JSC::JSObject::hasOwnProperty):
2755         * runtime/JSObject.h:
2756         (JSC::JSCell::fastGetOwnPropertySlot):
2757         (JSC::JSObject::getPropertySlot):
2758         (JSC::JSValue::get):
2759         * runtime/JSStaticScopeObject.cpp:
2760         * runtime/JSStaticScopeObject.h:
2761         * runtime/JSString.cpp:
2762         (JSC::JSString::getOwnPropertySlot):
2763         * runtime/JSString.h:
2764         * runtime/MathObject.cpp:
2765         * runtime/MathObject.h:
2766         (JSC::MathObject::create):
2767         * runtime/NumberConstructor.cpp:
2768         * runtime/NumberConstructor.h:
2769         * runtime/NumberPrototype.cpp:
2770         * runtime/NumberPrototype.h:
2771         * runtime/ObjectConstructor.cpp:
2772         * runtime/ObjectConstructor.h:
2773         * runtime/ObjectPrototype.cpp:
2774         * runtime/ObjectPrototype.h:
2775         * runtime/RegExpConstructor.cpp:
2776         * runtime/RegExpConstructor.h:
2777         * runtime/RegExpMatchesArray.h:
2778         (JSC::RegExpMatchesArray::createStructure):
2779         * runtime/RegExpObject.cpp:
2780         * runtime/RegExpObject.h:
2781         * runtime/RegExpPrototype.cpp:
2782         * runtime/RegExpPrototype.h:
2783         * runtime/StringConstructor.cpp:
2784         * runtime/StringConstructor.h:
2785         * runtime/StringObject.cpp:
2786         * runtime/StringObject.h:
2787         * runtime/StringPrototype.cpp:
2788         * runtime/StringPrototype.h:
2789
2790 2011-10-26  Alejandro G. Castro  <alex@igalia.com>
2791
2792         [GTK] [WK2] Add WebKit2 distcheck support
2793         https://bugs.webkit.org/show_bug.cgi?id=70933
2794
2795         Reviewed by Martin Robinson.
2796
2797         * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
2798
2799 2011-10-26  Michael Saboff  <msaboff@apple.com>
2800
2801         Increase StringImpl Flag Bits for 8 bit Strings
2802         https://bugs.webkit.org/show_bug.cgi?id=70937
2803
2804         Increased the number of bits used for flags in StringImpl
2805         from 6 to 8 bits. This frees up 2 flag bits that will be
2806         used for 8-bit string support. Updated hash methods accordingly.
2807         Changed hash value masking from the low bits to the high
2808         bits.
2809
2810         Reviewed by Darin Adler.
2811
2812         * create_hash_table:
2813         * wtf/StringHasher.h:
2814         (WTF::StringHasher::hash):
2815         * wtf/text/StringImpl.h:
2816
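The entry above states the new flag count and the direction of the hash mask but not the word layout that results. The following is an added example (not WebKit's StringImpl or StringHasher code; the hash function is a stand-in and the flag bit positions and names are assumed): flags in the low 8 bits, the hash in the high 24, the masking that drops the hash's high bits so it stays clear of the flags, and the non-zero fallback needed because a zero hash field means "not computed yet".

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>

// One 32-bit word: low s_flagCount bits are flags, the rest is the hash.
static const unsigned s_flagCount = 8;
static const unsigned s_flagMask  = (1u << s_flagCount) - 1;   // 0x000000FF
static const unsigned s_hashBits  = 32 - s_flagCount;          // 24
static const unsigned s_hashMask  = (1u << s_hashBits) - 1;    // 0x00FFFFFF

// Two of the flag bits, standing in for the ones freed for 8-bit strings.
static const unsigned s_flag8BitBuffer     = 1u << 6;
static const unsigned s_flagHas16BitShadow = 1u << 7;

// Stand-in hasher (FNV-1a); only the masking below matters for the layout.
unsigned rawHash(const char* data, size_t length)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < length; ++i) {
        h ^= static_cast<unsigned char>(data[i]);
        h *= 16777619u;
    }
    return h;
}

// Reserve room for the flags by dropping the HIGH bits of the hash (keeping the
// low s_hashBits), and never yield 0, since a zero hash field means "unset".
unsigned maskedHash(unsigned raw)
{
    unsigned h = raw & s_hashMask;
    if (!h)
        h = 0x80000000u >> s_flagCount;  // non-zero and still inside the mask
    return h;
}

class HashAndFlags {
public:
    HashAndFlags() : m_hashAndFlags(0) {}

    bool hasFlag(unsigned flag) const { return (m_hashAndFlags & flag) != 0; }
    void setFlag(unsigned flag)
    {
        assert((flag & ~s_flagMask) == 0);  // flags live in the low bits only
        m_hashAndFlags |= flag;
    }

    bool hasHash() const { return existingHash() != 0; }
    unsigned existingHash() const { return m_hashAndFlags >> s_flagCount; }

    // Compute once and cache in the high bits; the flags below are untouched.
    unsigned hash(const char* data, size_t length)
    {
        if (!hasHash())
            m_hashAndFlags |= maskedHash(rawHash(data, length)) << s_flagCount;
        return existingHash();
    }

    unsigned word() const { return m_hashAndFlags; }

private:
    unsigned m_hashAndFlags;
};
```

Deriving the mask and the shift from the same s_flagCount is what keeps the two fields disjoint: a hash that could reach the flag bits might set the 8-bit-buffer flag on a 16-bit string, after which every width check reads the buffer at the wrong stride. The entry lists create_hash_table among the changed files, consistent with any table of precomputed hashes having to apply the same mask or never match at runtime.
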
2817 2011-10-26  Dan Bernstein  <mitz@apple.com>
2818
2819         Build fix.
2820
2821         Reverted r98488, which caused the scripts’ status messages to be included in the generated
2822         files.
2823
2824         * create_hash_table:
2825         * create_jit_stubs:
2826
2827 2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
2828
2829         Don't print regular output to STDERR when generating hashtables and JIT stubs
2830
2831         Reviewed by Simon Hausmann.
2832
2833         * create_hash_table:
2834         * create_jit_stubs:
2835
2836 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
2837
2838         Split DFGJITCodeGenerator::callOperation methods
2839         https://bugs.webkit.org/show_bug.cgi?id=70870
2840
2841         Reviewed by Filip Pizlo.
2842
2843         The DFGJITCodeGenerator currently contains two sets of callOperation methods.
2844         One set works with the JSVALUE64 value representation and passes arguments in
2845         registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
2846         value representation and passes arguments in memory (suitable for use on x86).
2847         By refactoring out the representation and calling convention specific aspects
2848         of the code we can also configure the DFG JIT to operate on platforms that use
2849         the JSVALUE32_64 value representation but pass arguments in registers.
2850
2851         On platforms supported by the JIT, the payload precedes the tag of a value in
2852         argument/result ordering, as such, in order to make the setupResults method
2853         generally applicable to return the results of a function that are returned in
2854         two registers, the ordering of arguments to this function has been reversed -
2855         as is the ordering of arguments passed to setupArguments methods, with respect
2856         to the ordering with which they are passed in to callOperation.
2857         This inconsistency will be resolved in a later change when we combine the pairs
2858         of arguments passed into callOperation, such that the function signatures can
2859         be made consistent across the two value representations (the callOperation
2860         methods will be passed a reference to a struct representing the JSValue
2861         temporary, this will consist of two gprs on 32_64 and one on 64).
2862
2863         * dfg/DFGJITCodeGenerator.h:
2864         (JSC::DFG::resetCallArguments):
2865         (JSC::DFG::addCallArgument):
2866             - moved, removed tag,payload version of this method.
2867         (JSC::DFG::setupArguments):
2868         (JSC::DFG::setupArgumentsExecState):
2869         (JSC::DFG::setupArgumentsWithExecState):
2870             - Calling convention specific portion of callOperation refactored out into these methods.
2871         (JSC::DFG::callOperation):
2872             - updated these methods to use setupArguments* methods.
2873         (JSC::DFG::setupResults):
2874             - setupResults is now passed payload,tag.
2875         (JSC::DFG::appendCallWithExceptionCheckSetResult):
2876             - Added fpr versions of this function.
2877         (JSC::DFG::appendCallSetResult):
2878             - Added versions of this function without exception check.
2879         * dfg/DFGJITCodeGenerator32_64.cpp:
2880         (JSC::DFG::JITCodeGenerator::emitCall):
2881             - setupResults is now passed payload,tag.
2882
2883 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2884
2885         Remove deletePropertyVirtual
2886         https://bugs.webkit.org/show_bug.cgi?id=70738
2887
2888         Reviewed by Geoffrey Garen.
2889
2890         Removed all declarations and definitions of deletePropertyVirtual.
2891         Also replaced all call sites to deletePropertyVirtual with a 
2892         corresponding lookup in the MethodTable.
2893
2894         * API/JSCallbackObject.h:
2895         * API/JSCallbackObjectFunctions.h:
2896         (JSC::::deletePropertyByIndex):
2897         * API/JSObjectRef.cpp:
2898         (JSObjectDeleteProperty):
2899         * JavaScriptCore.exp:
2900         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2901         * debugger/DebuggerActivation.cpp:
2902         (JSC::DebuggerActivation::deleteProperty):
2903         * debugger/DebuggerActivation.h:
2904         * interpreter/Interpreter.cpp:
2905         (JSC::Interpreter::privateExecute):
2906         * jit/JITStubs.cpp:
2907         (JSC::DEFINE_STUB_FUNCTION):
2908         * runtime/Arguments.cpp:
2909         * runtime/Arguments.h:
2910         * runtime/ArrayPrototype.cpp:
2911         (JSC::arrayProtoFuncPop):
2912         (JSC::arrayProtoFuncReverse):
2913         (JSC::arrayProtoFuncShift):
2914         (JSC::arrayProtoFuncSplice):
2915         (JSC::arrayProtoFuncUnShift):
2916         * runtime/JSActivation.cpp:
2917         * runtime/JSActivation.h:
2918         * runtime/JSArray.cpp:
2919         (JSC::JSArray::deleteProperty):
2920         (JSC::JSArray::deletePropertyByIndex):
2921         * runtime/JSArray.h:
2922         * runtime/JSCell.cpp:
2923         (JSC::JSCell::deleteProperty):
2924         (JSC::JSCell::deletePropertyByIndex):
2925         * runtime/JSCell.h:
2926         * runtime/JSFunction.cpp:
2927         * runtime/JSFunction.h:
2928         * runtime/JSNotAnObject.cpp:
2929         * runtime/JSNotAnObject.h:
2930         * runtime/JSONObject.cpp:
2931         (JSC::Walker::walk):
2932         * runtime/JSObject.cpp:
2933         (JSC::JSObject::deletePropertyByIndex):
2934         (JSC::JSObject::defineOwnProperty):
2935         * runtime/JSObject.h:
2936         * runtime/JSVariableObject.cpp:
2937         * runtime/JSVariableObject.h:
2938         * runtime/RegExpMatchesArray.h:
2939         * runtime/StrictEvalActivation.cpp:
2940         * runtime/StrictEvalActivation.h:
2941         * runtime/StringObject.cpp:
2942         * runtime/StringObject.h:
2943
2944 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2945
2946         Remove putVirtual
2947         https://bugs.webkit.org/show_bug.cgi?id=70740
2948
2949         Reviewed by Geoffrey Garen.
2950
2951         Removed all declarations and definitions of putVirtual.
2952         Also replaced all call sites to putVirtual with a 
2953         corresponding lookup in the MethodTable.
2954
2955         * API/JSCallbackObject.h:
2956         * API/JSCallbackObjectFunctions.h:
2957         * API/JSObjectRef.cpp:
2958         (JSObjectSetProperty):
2959         (JSObjectSetPropertyAtIndex):
2960         * JavaScriptCore.exp:
2961         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2962         * debugger/DebuggerActivation.cpp:
2963         (JSC::DebuggerActivation::put):
2964         * debugger/DebuggerActivation.h:
2965         * dfg/DFGOperations.cpp:
2966         * interpreter/Interpreter.cpp:
2967         (JSC::Interpreter::execute):
2968         (JSC::Interpreter::privateExecute):
2969         * jsc.cpp:
2970         (GlobalObject::finishCreation):
2971         * runtime/Arguments.cpp:
2972         * runtime/Arguments.h:
2973         * runtime/ArrayPrototype.cpp:
2974         (JSC::putProperty):
2975         (JSC::arrayProtoFuncConcat):
2976         (JSC::arrayProtoFuncPush):
2977         (JSC::arrayProtoFuncReverse):
2978         (JSC::arrayProtoFuncShift):
2979         (JSC::arrayProtoFuncSlice):
2980         (JSC::arrayProtoFuncSort):
2981         (JSC::arrayProtoFuncSplice):
2982         (JSC::arrayProtoFuncUnShift):
2983         (JSC::arrayProtoFuncFilter):
2984         (JSC::arrayProtoFuncMap):
2985         * runtime/JSActivation.cpp:
2986         * runtime/JSActivation.h:
2987         * runtime/JSArray.cpp:
2988         (JSC::JSArray::putSlowCase):
2989         (JSC::JSArray::push):
2990         (JSC::JSArray::shiftCount):
2991         (JSC::JSArray::unshiftCount):
2992         * runtime/JSArray.h:
2993         * runtime/JSByteArray.cpp:
2994         * runtime/JSByteArray.h:
2995         * runtime/JSCell.cpp:
2996         (JSC::JSCell::put):
2997         (JSC::JSCell::putByIndex):
2998         * runtime/JSCell.h:
2999         * runtime/JSFunction.cpp:
3000         * runtime/JSFunction.h:
3001         * runtime/JSGlobalObject.cpp:
3002         * runtime/JSGlobalObject.h:
3003         * runtime/JSNotAnObject.cpp:
3004         * runtime/JSNotAnObject.h:
3005         * runtime/JSONObject.cpp:
3006         (JSC::Walker::walk):
3007         * runtime/JSObject.cpp:
3008         (JSC::JSObject::putByIndex):
3009         (JSC::JSObject::defineOwnProperty):
3010         * runtime/JSObject.h:
3011         (JSC::JSValue::put):
3012         * runtime/JSStaticScopeObject.cpp:
3013         * runtime/JSStaticScopeObject.h:
3014         * runtime/ObjectPrototype.cpp:
3015         * runtime/ObjectPrototype.h:
3016         * runtime/RegExpConstructor.cpp:
3017         * runtime/RegExpConstructor.h:
3018         * runtime/RegExpMatchesArray.h:
3019         * runtime/RegExpObject.cpp:
3020         * runtime/RegExpObject.h:
3021         * runtime/StringObject.cpp:
3022         * runtime/StringObject.h:
3023         * runtime/StringPrototype.cpp:
3024         (JSC::stringProtoFuncSplit):
3025
3026 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
3027
3028         Separate out function linking & exception check data structures.
3029         https://bugs.webkit.org/show_bug.cgi?id=70858
3030
3031         Reviewed by Oliver Hunt.
3032
3033         This will make it easier to refactor the callOperation methods to split the value
3034         representation specific handling from the cpu/calling-convention implementation.
3035
3036         * dfg/DFGJITCodeGenerator.h:
3037         (JSC::DFG::appendCallWithExceptionCheck):
3038         * dfg/DFGJITCodeGenerator32_64.cpp:
3039         (JSC::DFG::JITCodeGenerator::emitCall):
3040         * dfg/DFGJITCodeGenerator64.cpp:
3041         (JSC::DFG::JITCodeGenerator::emitCall):
3042         * dfg/DFGJITCompiler.cpp:
3043         (JSC::DFG::JITCompiler::compileBody):
3044         (JSC::DFG::JITCompiler::link):
3045         * dfg/DFGJITCompiler.h:
3046         (JSC::DFG::CallLinkRecord::CallLinkRecord):
3047         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
3048         (JSC::DFG::JITCompiler::JITCompiler):
3049         (JSC::DFG::JITCompiler::notifyCall):
3050         (JSC::DFG::JITCompiler::appendCall):
3051         (JSC::DFG::JITCompiler::addExceptionCheck):
3052         (JSC::DFG::JITCompiler::addFastExceptionCheck):
3053         * dfg/DFGJITCompiler32_64.cpp:
3054         (JSC::DFG::JITCompiler::compileBody):
3055         (JSC::DFG::JITCompiler::link):
3056
3057 2011-10-25  Filip Pizlo  <fpizlo@apple.com>
3058
3059         Tiered compilation may introduce dangling pointers in constant buffers
3060         https://bugs.webkit.org/show_bug.cgi?id=70854
3061
3062         Reviewed by Oliver Hunt.
3063         
3064         Tiered compilation now copies constant buffers, which fixes the regression in
3065         https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
3066         regression relies on a subtle interleaving of optimized compilation and garbage
3067         collection, and cannot be reproduced in a simple test.
3068         
3069         This also adds some new debug support, which was used to fix this bug and is
3070         likely to be useful in the future.
3071
3072         * bytecode/CodeBlock.cpp:
3073         (JSC::CodeBlock::copyDataFrom):
3074         (JSC::CodeBlock::usesOpcode):
3075         * bytecode/CodeBlock.h:
3076         * dfg/DFGGraph.cpp:
3077         (JSC::DFG::Graph::dump):
3078
3079 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3080
3081         Fixing Windows build after r98367
3082
3083         Unreviewed build fix
3084
3085         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3086
3087 2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
3088
3089         Add missing DFG file entries to the make lists for GTK and Qt ports
3090         https://bugs.webkit.org/show_bug.cgi?id=70806
3091
3092         Reviewed by Darin Adler.
3093
3094         * GNUmakefile.list.am:
3095         * JavaScriptCore.pro:
3096
3097 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3098
3099         Add getOwnPropertySlot to MethodTable
3100         https://bugs.webkit.org/show_bug.cgi?id=69807
3101
3102         Reviewed by Oliver Hunt.
3103
3104         * JavaScriptCore.exp:
3105         * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
3106         * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
3107         reference it in their MethodTables.
3108
3109 2011-10-25  Oliver Hunt  <oliver@apple.com>
3110
3111         Need to support marking of multiple nested codeblocks when compiling
3112         https://bugs.webkit.org/show_bug.cgi?id=70832
3113
3114         Reviewed by Gavin Barraclough.
3115
3116         When inlining a function we end up with multiple codeblocks being
3117         compiled at the same time, so we need to support a list of live
3118         codeblocks.
3119
3120         * heap/Heap.cpp:
3121         (JSC::Heap::markRoots):
3122         * runtime/JSGlobalData.cpp:
3123         (JSC::JSGlobalData::JSGlobalData):
3124         * runtime/JSGlobalData.h:
3125         (JSC::JSGlobalData::startedCompiling):
3126         (JSC::JSGlobalData::finishedCompiling):
3127
3128 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3129
3130         DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
3131         https://bugs.webkit.org/show_bug.cgi?id=70798
3132
3133         Reviewed by Filip Pizlo.
3134
3135         When filling an integer for a known integer node (not speculated), it
3136         should accept DataFormatJSInteger as well.
3137
3138         * dfg/DFGJITCodeGenerator32_64.cpp:
3139         (JSC::DFG::JITCodeGenerator::fillInteger):
3140
3141 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
3142
3143         Build fix: removed some cases of threadsafeCopy() that I missed in
3144         my previous patch.
3145
3146         * JavaScriptCore.order:
3147
3148 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
3149
3150         Removed SharedUChar and tightened language around its previous uses
3151         https://bugs.webkit.org/show_bug.cgi?id=70698
3152
3153         Reviewed by David Levin.
3154
3155         - Removed SharedUChar because most of its functionality has moved into
3156         other abstraction layers, and we want remaining clients to choose their
3157         abstractions explicitly instead of relying on StringImpl to provide this
3158         behavior implicitly, since we think they can sometimes make more efficient
3159         choices.
3160
3161         - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
3162         the former names could give the impression that the resulting object was
3163         thread-safe, but actually it's just an isolated copy, which is not
3164         thread-safe by itself, but can be used to implement a thread-safe
3165         algorithm through isolation.
3166
3167         * wtf/CrossThreadRefCounted.h: Removed.
3168
3169         * JavaScriptCore.exp: Export!
3170
3171         * wtf/text/StringImpl.cpp:
3172         (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
3173
3174         * wtf/text/StringImpl.h:
3175         (WTF::StringImpl::length): Ditto.
3176
3177         (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
3178
3179         * wtf/text/WTFString.cpp:
3180         (WTF::String::isolatedCopy):
3181         * wtf/text/WTFString.h: Updated for StringImpl changes.
3182
3183         * API/OpaqueJSString.h:
3184         * GNUmakefile.list.am:
3185         * JavaScriptCore.exp:
3186         * JavaScriptCore.gypi:
3187         * JavaScriptCore.order:
3188         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3189         * JavaScriptCore.xcodeproj/project.pbxproj:
3190         * wtf/CMakeLists.txt:
3191         * wtf/OwnFastMallocPtr.h:
3192         * wtf/RefCounted.h:
3193         * wtf/SizeLimits.cpp:
3194         * wtf/ThreadSafeRefCounted.h:
3195         * wtf/wtf.pri:
3196         * yarr/YarrPattern.h: Updated these files to accommodate removal of
3197         CrossThreadRefCounted.h.
3198
3199 2011-10-24  Oliver Hunt  <oliver@apple.com>
3200
3201         Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
3202         https://bugs.webkit.org/show_bug.cgi?id=70689
3203
3204         Reviewed by Filip Pizlo.
3205
3206         While performing codegen we need to make the GlobalData explicitly
3207         aware of the codeblock being compiled, as compilation may trigger GC
3208         and CodeBlock holds GC values, but has not yet been assigned to its
3209         owner executable.
3210
3211         * bytecompiler/BytecodeGenerator.cpp:
3212         (JSC::BytecodeGenerator::BytecodeGenerator):
3213         (JSC::BytecodeGenerator::~BytecodeGenerator):
3214         * bytecompiler/BytecodeGenerator.h:
3215         * heap/AllocationSpace.cpp:
3216         (JSC::AllocationSpace::allocateSlowCase):
3217         * heap/Heap.cpp:
3218         (JSC::Heap::markRoots):
3219         * runtime/JSGlobalData.cpp:
3220         (JSC::JSGlobalData::JSGlobalData):
3221         * runtime/JSGlobalData.h:
3222         (JSC::JSGlobalData::startedCompiling):
3223         (JSC::JSGlobalData::finishedCompiling):
3224
3225 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
3226
3227         Object-or-other branch speculation may corrupt the state for OSR if the child of the
3228         branch is an integer
3229         https://bugs.webkit.org/show_bug.cgi?id=70777
3230
3231         Reviewed by Oliver Hunt.
3232
3233         * dfg/DFGSpeculativeJIT64.cpp:
3234         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
3235
3236 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
3237
3238         op_new_array_buffer is not inlined correctly
3239         https://bugs.webkit.org/show_bug.cgi?id=70770
3240
3241         Reviewed by Oliver Hunt.
3242         
3243         Disabled inlining of op_new_array_buffer, for now.
3244
3245         * dfg/DFGCapabilities.h:
3246         (JSC::DFG::canInlineOpcode):
3247
3248 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3249
3250         Add boolean speculations to DFG JIT 32_64
3251         https://bugs.webkit.org/show_bug.cgi?id=70706
3252
3253         Reviewed by Filip Pizlo.
3254
3255         Different from the boolean speculations in DFG 64, the boolean
3256         speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
3257         boolean instead of a JSBoolean. This choice is not only for
3258         performance, but also to save a register as we're short of registers on
3259         X86.
3260         To accomplish this we make use of DataFormatBoolean, allow a value to
3261         be represented as a primitive boolean and converted from/to a
3262         JSBoolean.
3263         This patch also fixes SpillOrder in 32_64, which should be different
3264         from 64, and fixes needDataFormatConversion logic in 32_64.
3265
3266         * assembler/MacroAssemblerX86Common.h:
3267         (JSC::MacroAssemblerX86Common::branchTest32):
3268             We don't expect byte test actually as it doesn't work for registers
3269             esp..edi on X86.
3270         * dfg/DFGGenerationInfo.h:
3271         (JSC::DFG::needDataFormatConversion):
3272         (JSC::DFG::GenerationInfo::initBoolean):
3273         (JSC::DFG::GenerationInfo::gpr):
3274         (JSC::DFG::GenerationInfo::fillInteger):
3275         (JSC::DFG::GenerationInfo::fillBoolean):
3276         * dfg/DFGJITCodeGenerator.cpp:
3277         (JSC::DFG::JITCodeGenerator::checkConsistency):
3278         * dfg/DFGJITCodeGenerator.h:
3279         (JSC::DFG::JITCodeGenerator::use):
3280         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
3281         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3282         (JSC::DFG::JITCodeGenerator::spill):
3283         (JSC::DFG::cellResult):
3284         (JSC::DFG::booleanResult):
3285         * dfg/DFGJITCodeGenerator32_64.cpp:
3286         (JSC::DFG::JITCodeGenerator::fillJSValue):
3287         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
3288         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
3289         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
3290         * dfg/DFGJITCompiler32_64.cpp:
3291         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
3292         * dfg/DFGSpeculativeJIT.cpp:
3293         (JSC::DFG::ValueSource::dump):
3294         (JSC::DFG::ValueRecovery::dump):
3295         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3296         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
3297         * dfg/DFGSpeculativeJIT.h:
3298         (JSC::DFG::ValueSource::forPrediction):
3299         (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
3300         (JSC::DFG::ValueRecovery::inGPR):
3301         (JSC::DFG::ValueRecovery::gpr):
3302         * dfg/DFGSpeculativeJIT32_64.cpp:
3303         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3304         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3305         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3306         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3307         (JSC::DFG::SpeculativeJIT::compare):
3308         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
3309         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3310         (JSC::DFG::SpeculativeJIT::emitBranch):
3311         (JSC::DFG::SpeculativeJIT::compile):
3312
3313 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3314
3315         Fixing Windows build
3316
3317         Unreviewed build fix
3318
3319         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3320
3321 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3322
3323         BitVector isInline check could fail
3324         https://bugs.webkit.org/show_bug.cgi?id=70691
3325
3326         Reviewed by Geoffrey Garen.
3327
3328         Current BitVector uses the highest bit of m_bitsOrPointer to indicate
3329         whether it's an inlined bit set or a pointer to an outOfLine bit set.
3330         This check may fail in case the pointer also has the highest bit set,
3331         which is surely possible on IA32 (Linux).
3332         In this case the check failure can result in unexpected behaviors,
3333         for example if the BitVector is incorrectly determined as having an
3334         inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
3335         modify the memory adjacent to the BitVector object.
3336         This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
3337         or outofline, based on the assumption that the pointer to OutOfLineBits
3338         should be 4 or 8 byte aligned.
3339         We could mark the lowest bit (bit 0) with 1 for inlined bit set,
3340         and bits 1~bitsInPointer are used for bit set/test.
3341         In this case we need to do one more bit shift for bit set/test.
3342
3343         * wtf/BitVector.cpp:
3344         (WTF::BitVector::resizeOutOfLine):
3345         * wtf/BitVector.h:
3346         (WTF::BitVector::quickGet):
3347         (WTF::BitVector::quickSet):
3348         (WTF::BitVector::quickClear):
3349         (WTF::BitVector::makeInlineBits):
3350         (WTF::BitVector::isInline):
3351
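The low-bit tagging scheme described in the entry above, as an added illustration that is not WebKit's wtf/BitVector: the class name TinyBitVector, the OutOfLineBits layout and the helper names are this example's own. Bit 0 of m_bitsOrPointer is the inline/out-of-line discriminator, so inline bits shift by (index + 1), and the two static helpers contrast the old highest-bit check with the new lowest-bit check on a constructed pointer value whose top bit is set.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Added example, not WebKit's wtf/BitVector. The single word m_bitsOrPointer
// is either an inline bit set or a pointer to an out-of-line bit set. Bit 0
// is the tag: inline sets always carry bit 0 == 1, pointers always carry
// bit 0 == 0 because the out-of-line buffer comes from malloc and is at
// least 4/8-byte aligned. Inline bits live in bits 1..bitsInPointer-1, so
// every inline set/get shifts by (index + 1).
class TinyBitVector {
public:
    static const size_t bitsInPointer = sizeof(uintptr_t) * 8;
    static const size_t maxInlineBits = bitsInPointer - 1;   // bit 0 is the tag

    TinyBitVector() : m_bitsOrPointer(makeInlineBits(0)) {}
    ~TinyBitVector() { if (!isInline()) std::free(outOfLineBits()); }

    bool isInline() const { return m_bitsOrPointer & 1; }
    size_t size() const { return isInline() ? maxInlineBits : outOfLineBits()->numBits; }

    bool get(size_t bit) const {
        if (bit >= size())
            return false;                        // out of range never touches neighbours
        if (isInline())
            return m_bitsOrPointer & (static_cast<uintptr_t>(1) << (bit + 1));
        return outOfLineBits()->words()[bit / bitsInPointer] & bitMask(bit);
    }

    void set(size_t bit) {
        if (bit >= size())
            resize(bit + 1);                     // grow instead of writing past the object
        if (isInline())
            m_bitsOrPointer |= static_cast<uintptr_t>(1) << (bit + 1);
        else
            outOfLineBits()->words()[bit / bitsInPointer] |= bitMask(bit);
    }

    void clear(size_t bit) {
        if (bit >= size())
            return;
        if (isInline())
            m_bitsOrPointer &= ~(static_cast<uintptr_t>(1) << (bit + 1));
        else
            outOfLineBits()->words()[bit / bitsInPointer] &= ~bitMask(bit);
    }

    // Pre-fix scheme: the *highest* bit marked an inline set. A heap pointer
    // whose top bit is set (possible on IA32 Linux) is then misread as inline,
    // and a later set() of a large index writes next to the object.
    static bool highBitTagSaysInline(uintptr_t word) {
        return word & (static_cast<uintptr_t>(1) << (bitsInPointer - 1));
    }
    // Fixed scheme: bit 0, which an aligned pointer can never have set.
    static bool lowBitTagSaysInline(uintptr_t word) { return word & 1; }

private:
    struct OutOfLineBits {
        size_t numBits;
        uintptr_t* words() { return reinterpret_cast<uintptr_t*>(this + 1); }
    };

    static uintptr_t makeInlineBits(uintptr_t bits) { return (bits << 1) | 1; }
    static uintptr_t bitMask(size_t bit) { return static_cast<uintptr_t>(1) << (bit % bitsInPointer); }
    OutOfLineBits* outOfLineBits() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }

    void resize(size_t numBits) {
        size_t numWords = (numBits + bitsInPointer - 1) / bitsInPointer;
        OutOfLineBits* fresh = static_cast<OutOfLineBits*>(
            std::malloc(sizeof(OutOfLineBits) + numWords * sizeof(uintptr_t)));
        fresh->numBits = numWords * bitsInPointer;
        std::memset(fresh->words(), 0, numWords * sizeof(uintptr_t));
        if (isInline())
            fresh->words()[0] = m_bitsOrPointer >> 1;        // drop the tag bit
        else {
            OutOfLineBits* old = outOfLineBits();
            std::memcpy(fresh->words(), old->words(), old->numBits / 8);
            std::free(old);
        }
        assert(!(reinterpret_cast<uintptr_t>(fresh) & 1));  // alignment keeps the tag clear
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(fresh);
    }

    TinyBitVector(const TinyBitVector&);             // non-copyable in this example
    TinyBitVector& operator=(const TinyBitVector&);

    uintptr_t m_bitsOrPointer;
};

// Exercises the inline -> out-of-line transition; true if every bit keeps its value.
bool bitVectorRoundTrips() {
    TinyBitVector v;
    v.set(3);
    v.set(TinyBitVector::maxInlineBits - 1);         // last index that still fits inline
    bool ok = v.isInline() && v.get(3) && !v.get(4);
    v.set(100);                                      // forces an out-of-line buffer
    ok = ok && !v.isInline() && v.get(3) && v.get(100)
         && v.get(TinyBitVector::maxInlineBits - 1) && !v.get(50) && !v.get(5000);
    v.clear(3);
    return ok && !v.get(3) && v.get(100);
}

int main() {
    // Constructed pointer-like value with the top bit set (not a real address).
    uintptr_t highPtr = (static_cast<uintptr_t>(1) << (TinyBitVector::bitsInPointer - 1)) | 0x1000;
    assert(TinyBitVector::highBitTagSaysInline(highPtr));   // old check: wrong answer
    assert(!TinyBitVector::lowBitTagSaysInline(highPtr));   // new check: out-of-line
    assert(bitVectorRoundTrips());
    return 0;
}
```
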
3352 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3353
3354         Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
3355         https://bugs.webkit.org/show_bug.cgi?id=70271
3356
3357         Reviewed by Darin Adler.
3358
3359         Renaming versions of getOwnPropertySlot that use an unsigned as the property
3360         name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
3361         MethodTable, which requires unique names for each method.
3362
3363         * JavaScriptCore.exp:
3364         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3365         * runtime/Arguments.cpp:
3366         (JSC::Arguments::getOwnPropertySlotVirtual):
3367         (JSC::Arguments::getOwnPropertySlotByIndex):
3368         * runtime/Arguments.h:
3369         * runtime/JSArray.cpp:
3370         (JSC::JSArray::getOwnPropertySlotVirtual):
3371         (JSC::JSArray::getOwnPropertySlotByIndex):
3372         (JSC::JSArray::getOwnPropertySlot):
3373         * runtime/JSArray.h:
3374         * runtime/JSByteArray.cpp:
3375         (JSC::JSByteArray::getOwnPropertySlotVirtual):
3376         (JSC::JSByteArray::getOwnPropertySlotByIndex):
3377         * runtime/JSByteArray.h:
3378         * runtime/JSCell.cpp:
3379         (JSC::JSCell::getOwnPropertySlotVirtual):
3380         (JSC::JSCell::getOwnPropertySlotByIndex):
3381         * runtime/JSCell.h:
3382         * runtime/JSNotAnObject.cpp:
3383         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
3384         (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
3385         * runtime/JSNotAnObject.h:
3386         * runtime/JSObject.cpp:
3387         (JSC::JSObject::getOwnPropertySlotVirtual):
3388         (JSC::JSObject::getOwnPropertySlotByIndex):
3389         * runtime/JSObject.h:
3390         * runtime/JSString.cpp:
3391         (JSC::JSString::getOwnPropertySlotVirtual):
3392         (JSC::JSString::getOwnPropertySlotByIndex):
3393         * runtime/JSString.h:
3394         * runtime/ObjectPrototype.cpp:
3395         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
3396         (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
3397         * runtime/ObjectPrototype.h:
3398         * runtime/RegExpMatchesArray.h:
3399         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
3400         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
3401         * runtime/StringObject.cpp:
3402         (JSC::StringObject::getOwnPropertySlotVirtual):
3403         (JSC::StringObject::getOwnPropertySlotByIndex):
3404         * runtime/StringObject.h:
3405
3406 2011-10-24  Patrick Gansterer  <paroga@webkit.org>
3407
3408         Interpreter build fix after r98179.
3409
3410         * bytecode/CodeBlock.h:
3411         Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
3412         since it is only used there.
3413
3414 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
3415
3416         Fixed a typo Darin spotted.
3417
3418         * wtf/StringHasher.h:
3419         (WTF::StringHasher::hash): Expelliarmus!
3420
3421 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
3422
3423         Removed StringImpl::createStrippingNullCharacters
3424         https://bugs.webkit.org/show_bug.cgi?id=70700
3425
3426         Reviewed by David Levin.
3427         
3428         It was unused.
3429
3430         * JavaScriptCore.exp:
3431         * wtf/text/StringImpl.cpp:
3432         * wtf/text/StringImpl.h:
3433
3434 2011-10-22  Filip Pizlo  <fpizlo@apple.com>
3435
3436         DFG should inline constructors
3437         https://bugs.webkit.org/show_bug.cgi?id=70675
3438
3439         Reviewed by Oliver Hunt.
3440         
3441         Adds support for inlining constructors. Also fixes two pathologies
3442         uncovered along the way: CheckMethod claimed that it never returned a
3443         result (causing CheckMethod -> SetLocal -> GetLocal sequences to
3444         result in the GetLocal doing OSR exit), and get_by_id parsing never
3445         checked if it was hot in slow path. Also fiddled with inlining
3446         heuristics; it appears that for now, the more inlining, the happier
3447         V8 is. Finally, a bug was uncovered where a silent spill of a boxed
3448         integer that had previously been spilled unboxed causes the silent
3449         fill to forget to unbox.
3450         
3451         This appears to be a 4% speed-up on V8 in their harness, or a 1%
3452         speed-up in my harness. The difference is due to warm-up: in my
3453         harness we see significant amounts of time spent in compilation, but
3454         in V8's harness compilation gets amortized. Profiling indicates that
3455         we have the potential for a 5% win from basic optimizations like
3456         generating OSR exits lazily and holding onto bytecode longer.
3457
3458         * dfg/DFGAbstractState.cpp:
3459         (JSC::DFG::AbstractState::execute):
3460         * dfg/DFGByteCodeParser.cpp:
3461         (JSC::DFG::ByteCodeParser::handleCall):
3462         (JSC::DFG::ByteCodeParser::handleInlining):
3463         (JSC::DFG::ByteCodeParser::handleMinMax):
3464         (JSC::DFG::ByteCodeParser::parseBlock):
3465         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3466         (JSC::DFG::ByteCodeParser::parse):
3467         * dfg/DFGCapabilities.h:
3468         (JSC::DFG::mightInlineFunctionForConstruct):
3469         (JSC::DFG::canInlineOpcode):
3470         (JSC::DFG::mightInlineFunctionFor):
3471         (JSC::DFG::canInlineFunctionFor):
3472         * dfg/DFGJITCodeGenerator.h:
3473         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3474         * runtime/Executable.h:
3475         (JSC::isCall):
3476         (JSC::ExecutableBase::intrinsicFor):
3477         * runtime/Heuristics.cpp:
3478         (JSC::Heuristics::initializeHeuristics):
3479         * runtime/Heuristics.h:
3480
3481 2011-10-23  Noel Gordon  <noel.gordon@gmail.com>
3482
3483         [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
3484         https://bugs.webkit.org/show_bug.cgi?id=70703
3485
3486         Reviewed by Kent Tamura.
3487
3488         runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
3489         to these files from the gyp project files.
3490
3491         * JavaScriptCore.gypi:
3492
3493 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
3494
3495         Add deleteProperty to the MethodTable
3496         https://bugs.webkit.org/show_bug.cgi?id=70162
3497
3498         Reviewed by Sam Weinig.
3499
3500         * JavaScriptCore.exp:
3501         * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
3502         * runtime/JSFunction.h: Changed JSFunction::deleteProperty to 
3503         be protected rather than private for subclasses who don't provide their own
3504         implementation.
3505
3506 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
3507
3508         Remove getConstructDataVirtual
3509         https://bugs.webkit.org/show_bug.cgi?id=70638
3510
3511         Reviewed by Darin Adler.
3512
3513         Removed all declarations and definitions of getConstructDataVirtual.
3514         Also replaced all call sites to getConstructDataVirtual with a 
3515         corresponding lookup in the MethodTable.
3516
3517         * API/JSCallbackConstructor.cpp:
3518         * API/JSCallbackConstructor.h:
3519         * API/JSCallbackObject.h:
3520         * API/JSCallbackObjectFunctions.h:
3521         * API/JSObjectRef.cpp:
3522         (JSObjectIsConstructor):
3523         (JSObjectCallAsConstructor):
3524         * JavaScriptCore.exp:
3525         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3526         * dfg/DFGOperations.cpp:
3527         * interpreter/Interpreter.cpp:
3528         (JSC::Interpreter::privateExecute):
3529         * jit/JITStubs.cpp:
3530         (JSC::DEFINE_STUB_FUNCTION):
3531         * runtime/ArrayConstructor.cpp:
3532         * runtime/ArrayConstructor.h:
3533         * runtime/BooleanConstructor.cpp:
3534         * runtime/BooleanConstructor.h:
3535         * runtime/DateConstructor.cpp:
3536         * runtime/DateConstructor.h:
3537         * runtime/Error.h:
3538         (JSC::StrictModeTypeErrorFunction::getConstructData):
3539         * runtime/ErrorConstructor.cpp:
3540         * runtime/ErrorConstructor.h:
3541         * runtime/FunctionConstructor.cpp:
3542         * runtime/FunctionConstructor.h:
3543         * runtime/JSCell.cpp:
3544         * runtime/JSCell.h:
3545         * runtime/JSFunction.cpp:
3546         * runtime/JSFunction.h:
3547         * runtime/JSObject.h:
3548         (JSC::getConstructData):
3549         * runtime/NativeErrorConstructor.cpp:
3550         * runtime/NativeErrorConstructor.h:
3551         * runtime/NumberConstructor.cpp:
3552         * runtime/NumberConstructor.h:
3553         * runtime/ObjectConstructor.cpp:
3554         * runtime/ObjectConstructor.h:
3555         * runtime/RegExpConstructor.cpp:
3556         * runtime/RegExpConstructor.h:
3557         * runtime/StringConstructor.cpp:
3558         * runtime/StringConstructor.h:
3559
3560 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
3561
3562         Try to fix the SL build.
3563
3564         * dfg/DFGByteCodeParser.cpp:
3565         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
3566         away int vs unsigned warning.
3567
3568 2011-10-21  Geoffrey Garen  <ggaren@apple.com>
3569
3570         Separated string lifetime bits from character buffer state bits
3571         https://bugs.webkit.org/show_bug.cgi?id=70673
3572
3573         Reviewed by Anders Carlsson.
3574         
3575         Moved the static/immortal bit into the bottom bit of the refcount, and
3576         moved all other bits into the high bits of the hash code.
3577         
3578         This is the first step toward a new Characters/PassString class, and it
3579         makes ref/deref slightly more efficient.
3580
3581         * create_hash_table:
3582         * wtf/StringHasher.h:
3583         (WTF::StringHasher::hash): Tweaked the string hashing function to leave
3584         the top bits clear, so they can be used as flags.
3585         
3586         Fixed some small differences between the Perl copy of this function and
3587         the C++ copy of this function, which could have in theory caused subtle
3588         crashes.
3589
3590         * wtf/text/StringImpl.cpp:
3591         (WTF::StringImpl::sharedBuffer):
3592         (WTF::StringImpl::createWithTerminatingNullCharacter):
3593         * wtf/text/StringImpl.h:
3594         (WTF::StringImpl::StringImpl):
3595         (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
3596         s_didReportExtraCost, since the original name was both self-contradictory
3597         and used as a double-negative.
3598
3599         (WTF::StringImpl::isIdentifier):
3600         (WTF::StringImpl::setIsIdentifier):
3601         (WTF::StringImpl::hasTerminatingNullCharacter):
3602         (WTF::StringImpl::isAtomic):
3603         (WTF::StringImpl::setIsAtomic):
3604         (WTF::StringImpl::setHash):
3605         (WTF::StringImpl::rawHash):
3606         (WTF::StringImpl::hasHash):
3607         (WTF::StringImpl::existingHash):
3608         (WTF::StringImpl::hash):
3609         (WTF::StringImpl::hasOneRef):
3610         (WTF::StringImpl::ref):
3611         (WTF::StringImpl::deref):
3612         (WTF::StringImpl::bufferOwnership):
3613         (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
3614         bit of the refcount. Now, all lifetime information lives in the refcount
3615         field. Moved the other bits into the hash code field.
3616
3617 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
3618
3619         DFG inlining sometimes fails to reset constant references
3620         https://bugs.webkit.org/show_bug.cgi?id=70668
3621
3622         Reviewed by Anders Carlsson.
3623         
3624         Reset constant references when we need to (new block created) and not
3625         when we don't (change of inlining depth).
3626
3627         * dfg/DFGByteCodeParser.cpp:
3628         (JSC::DFG::ByteCodeParser::handleInlining):
3629         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
3630         (JSC::DFG::ByteCodeParser::parseBlock):
3631         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3632
3633 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
3634
3635         DFG should have inlining
3636         https://bugs.webkit.org/show_bug.cgi?id=69996
3637
3638         Reviewed by Oliver Hunt.
3639         
3640         Implements inlining that's hooked into the bytecode parser. Only
3641         works for calls, for now, though nothing fundamentally prevents us
3642         from inlining constructor calls. 2% overall speed-up on all
3643         benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
3644         richards respectively), neutral on Kraken and SunSpider. 
3645         
3646         * bytecode/CodeBlock.cpp:
3647         (JSC::CodeBlock::visitAggregate):
3648         * bytecode/CodeBlock.h:
3649         (JSC::CodeBlock::baselineVersion):
3650         (JSC::CodeBlock::setInstructionCount):
3651         (JSC::CodeBlock::likelyToTakeSlowCase):
3652         (JSC::CodeBlock::couldTakeSlowCase):
3653         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
3654         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
3655         (JSC::CodeBlock::likelyToTakeAnySlowCase):
3656         * bytecode/CodeOrigin.h:
3657         (JSC::CodeOrigin::inlineDepthForCallFrame):
3658         (JSC::CodeOrigin::inlineDepth):
3659         (JSC::CodeOrigin::operator==):
3660         (JSC::CodeOrigin::inlineStack):
3661         * bytecompiler/BytecodeGenerator.cpp:
3662         (JSC::BytecodeGenerator::generate):
3663         * dfg/DFGAbstractState.cpp:
3664         (JSC::DFG::AbstractState::beginBasicBlock):
3665         (JSC::DFG::AbstractState::execute):
3666         (JSC::DFG::AbstractState::mergeStateAtTail):
3667         * dfg/DFGBasicBlock.h:
3668         (JSC::DFG::BasicBlock::BasicBlock):
3669         (JSC::DFG::BasicBlock::ensureLocals):
3670         (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
3671         * dfg/DFGByteCodeParser.cpp:
3672         (JSC::DFG::ByteCodeParser::ByteCodeParser):
3673         (JSC::DFG::ByteCodeParser::getDirect):
3674         (JSC::DFG::ByteCodeParser::get):
3675         (JSC::DFG::ByteCodeParser::setDirect):
3676         (JSC::DFG::ByteCodeParser::set):
3677         (JSC::DFG::ByteCodeParser::getLocal):
3678         (JSC::DFG::ByteCodeParser::getArgument):
3679         (JSC::DFG::ByteCodeParser::flush):
3680         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
3681         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
3682         (JSC::DFG::ByteCodeParser::handleInlining):
3683         (JSC::DFG::ByteCodeParser::parseBlock):
3684         (JSC::DFG::ByteCodeParser::processPhiStack):
3685         (JSC::DFG::ByteCodeParser::linkBlock):
3686         (JSC::DFG::ByteCodeParser::linkBlocks):
3687         (JSC::DFG::ByteCodeParser::handleSuccessor):
3688         (JSC::DFG::ByteCodeParser::determineReachability):
3689         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
3690         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3691         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3692         (JSC::DFG::ByteCodeParser::parse):
3693         * dfg/DFGCapabilities.cpp:
3694         (JSC::DFG::canHandleOpcodes):
3695         (JSC::DFG::canCompileOpcodes):
3696         (JSC::DFG::canInlineOpcodes):
3697         * dfg/DFGCapabilities.h:
3698         (JSC::DFG::mightCompileEval):
3699         (JSC::DFG::mightCompileProgram):
3700         (JSC::DFG::mightCompileFunctionForCall):
3701         (JSC::DFG::mightCompileFunctionForConstruct):
3702         (JSC::DFG::mightInlineFunctionForCall):
3703         (JSC::DFG::mightInlineFunctionForConstruct):
3704         (JSC::DFG::canInlineOpcode):
3705         (JSC::DFG::canInlineOpcodes):
3706         (JSC::DFG::canInlineFunctionForCall):
3707         (JSC::DFG::canInlineFunctionForConstruct):
3708         * dfg/DFGGraph.cpp:
3709         (JSC::DFG::printWhiteSpace):
3710         (JSC::DFG::Graph::dumpCodeOrigin):
3711         (JSC::DFG::Graph::dump):
3712         * dfg/DFGGraph.h:
3713         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
3714         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
3715         * dfg/DFGJITCompiler.cpp:
3716         (JSC::DFG::JITCompiler::decodedCodeMapFor):
3717         (JSC::DFG::JITCompiler::linkOSRExits):
3718         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
3719         * dfg/DFGJITCompiler.h:
3720         (JSC::DFG::JITCompiler::debugCall):
3721         (JSC::DFG::JITCompiler::baselineCodeBlockFor):
3722         * dfg/DFGJITCompiler32_64.cpp:
3723         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
3724         * dfg/DFGNode.h:
3725         (JSC::DFG::Node::hasVariableAccessData):
3726         (JSC::DFG::Node::shouldGenerate):
3727         * dfg/DFGOperands.h:
3728         (JSC::DFG::Operands::ensureLocals):
3729         (JSC::DFG::Operands::setLocal):
3730         (JSC::DFG::Operands::getLocal):
3731         * dfg/DFGPropagator.cpp:
3732         (JSC::DFG::Propagator::propagateNodePredictions):
3733         * dfg/DFGSpeculativeJIT.cpp:
3734         (JSC::DFG::OSRExit::OSRExit):
3735         (JSC::DFG::SpeculativeJIT::compile):
3736         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3737         * dfg/DFGSpeculativeJIT.h:
3738         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
3739         * dfg/DFGSpeculativeJIT32_64.cpp:
3740         (JSC::DFG::SpeculativeJIT::compile):
3741         * dfg/DFGSpeculativeJIT64.cpp:
3742         (JSC::DFG::SpeculativeJIT::compile):
3743         * interpreter/CallFrame.cpp:
3744         (JSC::CallFrame::trueCallerFrameSlow):
3745         * jit/JITCall.cpp:
3746         (JSC::JIT::compileOpCallSlowCase):
3747         * jit/JITStubs.cpp:
3748         (JSC::DEFINE_STUB_FUNCTION):
3749         * runtime/Executable.cpp:
3750         (JSC::FunctionExecutable::baselineCodeBlockFor):
3751         (JSC::FunctionExecutable::produceCodeBlockFor):
3752         (JSC::FunctionExecutable::compileForCallInternal):
3753         (JSC::FunctionExecutable::compileForConstructInternal):
3754         * runtime/Executable.h:
3755         (JSC::FunctionExecutable::profiledCodeBlockFor):
3756         (JSC::FunctionExecutable::parameterCount):
3757         * runtime/Heuristics.cpp:
3758         (JSC::Heuristics::initializeHeuristics):
3759         * runtime/Heuristics.h:
3760         * runtime/JSFunction.h:
3761
3762 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
3763
3764         Add put to the MethodTable
3765         https://bugs.webkit.org/show_bug.cgi?id=70439
3766
3767         Reviewed by Oliver Hunt.
3768
3769         * JavaScriptCore.exp:
3770         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3771         * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
3772         * runtime/JSFunction.h: Changed access modifier for put to protected since some
3773         subclasses of JSFunction need to reference it in their MethodTables.
3774
3775 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
3776
3777         Add finalizer to JSObject
3778         https://bugs.webkit.org/show_bug.cgi?id=70336
3779
3780         Reviewed by Darin Adler.
3781
3782         * heap/MarkedBlock.cpp:
3783         (JSC::MarkedBlock::callDestructor): Skip the call to the destructor 
3784         if we're a JSFinalObject, since the finalizer takes care of things.
3785         * runtime/JSCell.h:
3786         (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with 
3787         future changes and the fact that we no longer always call the destructor, making 
3788         the information provided less useful.
3789         * runtime/JSObject.cpp:
3790         (JSC::JSObject::finalize): Add finalizer for JSObject.
3791         (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
3792         property storage, we add a finalizer to ourself.
3793         * runtime/JSObject.h:
3794
3795 2011-10-21  Simon Hausmann  <simon.hausmann@nokia.com>
3796
3797         Remove QtScript source code from WebKit.
3798         https://bugs.webkit.org/show_bug.cgi?id=64088
3799
3800         Reviewed by Tor Arne Vestbø.
3801
3802         Removed dead code that isn't developed anymore.
3803
3804         * JavaScriptCore.gypi:
3805         * JavaScriptCore.pri:
3806         * qt/api/QtScript.pro: Removed.
3807         * qt/api/qscriptconverter_p.h: Removed.
3808         * qt/api/qscriptengine.cpp: Removed.
3809         * qt/api/qscriptengine.h: Removed.
3810         * qt/api/qscriptengine_p.cpp: Removed.
3811         * qt/api/qscriptengine_p.h: Removed.
3812         * qt/api/qscriptfunction.cpp: Removed.
3813         * qt/api/qscriptfunction_p.h: Removed.
3814         * qt/api/qscriptoriginalglobalobject_p.h: Removed.
3815         * qt/api/qscriptprogram.cpp: Removed.
3816         * qt/api/qscriptprogram.h: Removed.
3817         * qt/api/qscriptprogram_p.h: Removed.
3818         * qt/api/qscriptstring.cpp: Removed.
3819         * qt/api/qscriptstring.h: Removed.
3820         * qt/api/qscriptstring_p.h: Removed.
3821         * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
3822         * qt/api/qscriptsyntaxcheckresult.h: Removed.
3823         * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
3824         * qt/api/qscriptvalue.cpp: Removed.
3825         * qt/api/qscriptvalue.h: Removed.
3826         * qt/api/qscriptvalue_p.h: Removed.
3827         * qt/api/qscriptvalueiterator.cpp: Removed.
3828         * qt/api/qscriptvalueiterator.h: Removed.
3829         * qt/api/qscriptvalueiterator_p.h: Removed.
3830         * qt/api/qtscriptglobal.h: Removed.
3831         * qt/benchmarks/benchmarks.pri: Removed.
3832         * qt/benchmarks/benchmarks.pro: Removed.
3833         * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
3834         * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
3835         * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
3836         * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
3837         * qt/tests/qscriptengine/qscriptengine.pro: Removed.
3838         * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
3839         * qt/tests/qscriptstring/qscriptstring.pro: Removed.
3840         * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
3841         * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
3842         * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
3843         * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
3844         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
3845         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
3846         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
3847         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
3848         * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
3849         * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
3850         * qt/tests/tests.pri: Removed.
3851         * qt/tests/tests.pro: Removed.
3852
3853 2011-10-21  Zheng Liu  <zheng.z.liu@intel.com>
3854
3855         bytecompiler sometimes generates incorrect bytecode for put_by_id
3856         https://bugs.webkit.org/show_bug.cgi?id=70403
3857
3858         Reviewed by Filip Pizlo.
3859
3860         * bytecompiler/NodesCodegen.cpp:
3861         (JSC::AssignDotNode::emitBytecode):
3862         (JSC::AssignBracketNode::emitBytecode):
3863
3864 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
3865
3866         DFG should not try to predict argument types by looking at the values of
3867         argument registers at the time of compilation
3868         https://bugs.webkit.org/show_bug.cgi?id=70578
3869
3870         Reviewed by Oliver Hunt.
3871
3872         * bytecode/CodeBlock.cpp:
3873         * dfg/DFGDriver.cpp:
3874         (JSC::DFG::compile):
3875         (JSC::DFG::tryCompile):
3876         (JSC::DFG::tryCompileFunction):
3877         * dfg/DFGDriver.h:
3878         (JSC::DFG::tryCompileFunction):
3879         * dfg/DFGGraph.cpp:
3880         (JSC::DFG::Graph::predictArgumentTypes):
3881         * dfg/DFGGraph.h:
3882         * runtime/Executable.cpp:
3883         (JSC::FunctionExecutable::compileOptimizedForCall):
3884         (JSC::FunctionExecutable::compileOptimizedForConstruct):
3885         (JSC::FunctionExecutable::compileForCallInternal):
3886         (JSC::FunctionExecutable::compileForConstructInternal):
3887         * runtime/Executable.h:
3888         (JSC::FunctionExecutable::compileForCall):
3889         (JSC::FunctionExecutable::compileForConstruct):
3890         (JSC::FunctionExecutable::compileFor):
3891         (JSC::FunctionExecutable::compileOptimizedFor):
3892
3893 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
3894
3895         DFG call optimization handling will fail if the call had been unlinked due
3896         to the callee being optimized
3897         https://bugs.webkit.org/show_bug.cgi?id=70468
3898
3899         Reviewed by Geoff Garen.
3900         
3901         If a call had ever been linked, we remember this fact as well as the function
3902         to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
3903         called.
3904
3905         * bytecode/CodeBlock.cpp:
3906         (JSC::CodeBlock::visitAggregate):
3907         * bytecode/CodeBlock.h:
3908         * dfg/DFGByteCodeParser.cpp:
3909         (JSC::DFG::ByteCodeParser::parseBlock):
3910         * dfg/DFGRepatch.cpp:
3911         (JSC::DFG::dfgLinkFor):
3912         * jit/JIT.cpp:
3913         (JSC::JIT::linkFor):
3914
3915 2011-10-20  Yuqiang Xian  <yuqiang.xian@intel.com>
3916
3917         DFG JIT 32_64 - Fix ByteArray speculation
3918         https://bugs.webkit.org/show_bug.cgi?id=70571
3919
3920         Reviewed by Filip Pizlo.
3921
3922         * dfg/DFGSpeculativeJIT.h:
3923         (JSC::DFG::ValueSource::forPrediction):
3924         * dfg/DFGSpeculativeJIT32_64.cpp:
3925         (JSC::DFG::SpeculativeJIT::compile):
3926
3927 2011-10-20  Vincent Scheib  <scheib@chromium.org>
3928
3929         MouseLock compile and run time flags.
3930         https://bugs.webkit.org/show_bug.cgi?id=70530
3931
3932         Reviewed by Darin Fisher.
3933
3934         * wtf/Platform.h:
3935
3936 2011-10-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3937
3938         Rename static deleteProperty to deletePropertyByIndex
3939         https://bugs.webkit.org/show_bug.cgi?id=70257
3940
3941         Reviewed by Geoffrey Garen.
3942
3943         Renaming versions of deleteProperty that use an unsigned as the property
3944         name to "deletePropertyByIndex" in preparation for adding them to the 
3945         MethodTable, which requires unique names for each method.
3946
3947         * API/JSCallbackObject.h:
3948         * API/JSCallbackObjectFunctions.h:
3949         (JSC::::deletePropertyVirtual):
3950         (JSC::::deletePropertyByIndex):
3951         * runtime/Arguments.cpp:
3952         (JSC::Arguments::deletePropertyVirtual):
3953         (JSC::Arguments::deletePropertyByIndex):
3954         * runtime/Arguments.h:
3955         * runtime/JSArray.cpp:
3956         (JSC::JSArray::deletePropertyVirtual):
3957         (JSC::JSArray::deletePropertyByIndex):
3958         * runtime/JSArray.h:
3959         * runtime/JSCell.cpp:
3960         (JSC::JSCell::deletePropertyVirtual):
3961         (JSC::JSCell::deletePropertyByIndex):
3962         * runtime/JSCell.h:
3963         * runtime/JSNotAnObject.cpp:
3964         (JSC::JSNotAnObject::deletePropertyVirtual):
3965         (JSC::JSNotAnObject::deletePropertyByIndex):
3966         * runtime/JSNotAnObject.h:
3967         * runtime/JSObject.cpp:
3968         (JSC::JSObject::deletePropertyVirtual):
3969         (JSC::JSObject::deletePropertyByIndex):
3970         * runtime/JSObject.h:
3971         * runtime/RegExpMatchesArray.h:
3972         (JSC::RegExpMatchesArray::deletePropertyVirtual):
3973         (JSC::RegExpMatchesArray::deletePropertyByIndex):
3974
3975 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
3976
3977         https://bugs.webkit.org/show_bug.cgi?id=70482
3978         DFG-related stubs in the old JIT should not be built if the DFG is disabled
3979
3980         Reviewed by Zoltan Herczeg.
3981         
3982         Aiming for a slight code size/build time reduction if the DFG is not in
3983         play. This should also make further DFG development slightly easier since
3984         the bodies of these JIT stubs can now safely refer to things that are only
3985         declared when the DFG is enabled.
3986
3987         * jit/JITStubs.cpp:
3988         * jit/JITStubs.h:
3989
3990 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
3991
3992         DFG ConvertThis emits slow code when the source node is known to be,
3993         but not predicted to be, a final object
3994         https://bugs.webkit.org/show_bug.cgi?id=70466
3995
3996         Reviewed by Oliver Hunt.
3997         
3998         Added a new case in ConvertThis compilation.
3999
4000         * dfg/DFGSpeculativeJIT32_64.cpp:
4001         (JSC::DFG::SpeculativeJIT::compile):
4002         * dfg/DFGSpeculativeJIT64.cpp:
4003         (JSC::DFG::SpeculativeJIT::compile):
4004
4005 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
4006
4007         Optimization triggers in the old JIT may sometimes fire repeatedly even
4008         though there is no optimization to be done
4009         https://bugs.webkit.org/show_bug.cgi?id=70467
4010
4011         Reviewed by Oliver Hunt.
4012         
4013         If optimize_from_ret does nothing, it delays the next optimization trigger.
4014         This is performance-neutral.
4015
4016         * jit/JITStubs.cpp:
4017         (JSC::DEFINE_STUB_FUNCTION):
4018         * runtime/Heuristics.cpp:
4019         (JSC::Heuristics::initializeHeuristics):
4020
4021 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
4022
4023         DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
4024         https://bugs.webkit.org/show_bug.cgi?id=70460
4025
4026         Reviewed by Filip Pizlo.
4027
4028         As pointed out by Gavin in bug #70418, when a value is already in memory
4029         we can avoid loading it into two GPRs first and then unboxing them to an FPR.
4030         This gives a 9% improvement on Kraken without the change in bug #70418,
4031         and 1% on top of the bug #70418 change.
4032         Performance is neutral in V8 and SunSpider.
4033
4034         * dfg/DFGJITCodeGenerator32_64.cpp:
4035         (JSC::DFG::JITCodeGenerator::fillDouble):
4036         * dfg/DFGSpeculativeJIT32_64.cpp:
4037         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
4038
4039 2011-10-19  Gavin Barraclough  <barraclough@apple.com>
4040
4041         Poisoning of strict caller,arguments inappropriately poisoning "in"
4042         https://bugs.webkit.org/show_bug.cgi?id=63398
4043
4044         Reviewed by Oliver Hunt.